soarm-control

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended for local SOARM robot control, but it gives an agent direct physical movement and pick authority with limited documented safety controls.

Install only if you intend an agent to control a connected SOARM robotic arm. Keep the API bound to localhost or a protected network, verify calibration before motion, inspect and pin the external URDF/model files, clear the workspace, supervise all runs, and require explicit human confirmation before any move or pick command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 71%
Finding: The skill documents operational behavior that depends on environment and local runtime capabilities, but does not declare permissions or capability requirements. This creates a transparency and governance gap: users or orchestration systems cannot accurately assess what the skill can access or invoke before use.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 95%
Finding: The documented purpose is limited to robotic-arm control, but the referenced setup and analysis indicate additional camera access, live object detection, background processing, and autonomous pick behavior. Hidden or under-declared sensing and autonomous actuation are dangerous because they materially expand the skill's real-world impact and can surprise users, bypass informed consent, and increase physical and privacy risk.

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding: The manifest description omits the pick-task capability even though the skill documents a `/pick` endpoint. Undisclosed autonomous grasping changes the risk profile from simple positioning to active task execution in the physical world, which can cause unexpected motion or object handling without adequate operator awareness.

Missing User Warnings

High
Confidence: 98%
Finding: The skill provides direct movement and pick commands for a physical robot without any safety warning, confirmation requirement, workspace constraints, or emergency-stop guidance. In a robotics context, undocumented actuation can lead to collisions, pinching, dropped objects, or injury, so the missing safety guardrails materially increase danger.

Missing User Warnings

Medium
Confidence: 97%
Finding: The API exposes physical robot motion and disconnect operations over HTTP with no authentication, authorization, operator confirmation, or safety interlock in this file. An actor who can reach the service can directly command movement or interrupt control, creating a meaningful risk of unsafe motion, equipment damage, or injury; the robotics context makes this more dangerous because software misuse immediately translates into physical actions.

VirusTotal

65/65 vendors flagged this skill as clean.