led controler
Security checks across malware telemetry and agentic risk
Overview
This skill is transparent about controlling Raspberry Pi GPIO pins, but it can change physical hardware state through an unauthenticated, hardcoded local HTTP endpoint with weak local scoping.
Install only if you control the Raspberry Pi, the local network, and the hardware attached to the GPIO pins. Before use, edit the hardcoded IP address, add local validation for allowed actions and safe pins, and avoid using it for safety-critical or high-power devices without explicit human confirmation.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.