Back to skill

Security audit

m5stack-uiflow2-coder

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent UIFlow2 documentation assistant, but some bundled examples can modify hardware, tags, or biometric data without clear warnings.

Review examples before installing or relying on this skill for generated code. Add explicit confirmations and safety checks before running code that writes NFC/RFID data, deletes biometric enrollments, sends USB keyboard or mouse input, controls motors or relays, records audio, logs GPS coordinates, or uses radio/network credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (116)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The IR transmission example contradicts its description by registering an IR receive callback and referencing an undefined handler (`ir_rx_event`). This creates a broken example that can mislead users, cause runtime failure, and obscure the actual device behavior, which is especially risky in hardware-control documentation where users expect copy-paste-safe code.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The IR reception section explicitly instructs that external output mode must be enabled, but the code never enables it. This mismatch can cause the example to fail unexpectedly and may lead users to misdiagnose hardware, power, or firmware issues while interacting with device power controls.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The example code calls delete_all_user() during setup, which irreversibly wipes all enrolled fingerprints as soon as the example runs. Because the surrounding documentation presents this as a general example without a prominent warning, users may execute it on real hardware and unintentionally destroy biometric enrollment data.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The example is labeled and described as a detection-only demo, but the code also performs NFC writes whenever a card is present. This can cause unintended modification of nearby tags during routine testing, especially because users may run the sample expecting only passive reads and UI updates.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
These lines show the sample writing data to the detected NFC card despite the documentation framing the example as card detection. Silent write behavior on physical tokens is risky because it can alter or corrupt card contents without informed user consent.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The documentation describes face enrollment, recognition, and deletion workflows without warning that these features capture and store biometric identifiers. In a coding-assistant skill, this can lead developers to deploy biometric collection features without informed consent, retention, or deletion UX, increasing privacy and compliance risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation demonstrates USB HID keyboard injection into a connected host without any warning, consent requirement, or discussion of unintended input on the attached computer. In a coding assistant skill, this can normalize or enable keystroke injection behavior that may type commands into a host system, causing accidental or unauthorized actions if users test examples blindly.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation provides working code that turns the device into a USB HID mouse capable of moving the host cursor and issuing clicks, but it does not warn that this affects the connected host immediately. In the context of an agent skill that helps generate code, lack of an explicit safety notice increases the risk of unintended host interaction, user disruption, or misuse on a connected computer.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The example continuously prints precise GPS time, date, latitude, longitude, altitude, and related telemetry to the serial monitor without any privacy warning or guidance on safe handling. In a coding assistant/documentation context, users may copy this example directly into deployed devices, unintentionally exposing location history or live whereabouts through logs, screenshots, or attached serial consoles.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation exposes an API that switches a relay controlling a mains-powered socket but provides no safety warning about energizing/de-energizing connected equipment, electrical hazards, or safe-load constraints. In a coding assistant context, users may copy examples directly into automation workflows, increasing the chance of unsafe operation of attached appliances or industrial loads.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation instructs users to record microphone audio and save it to a fixed path (/flash/res/audio/test.wav) without any warning about microphone capture, retention of recorded content, or overwriting an existing file. In a coding-assistant skill, examples are likely to be copied directly into projects, so omission of privacy and storage cautions can lead to unintended recording or silent data loss on-device.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation provides a ready-to-run LoRaWAN example that performs network join and transmits data, but it does not warn users that real OTAA/ABP identifiers and keys must be protected and that transmitted data and device identifiers may be exposed if copied from production environments. In a coding-assistant skill, such examples are likely to be reused directly, increasing the chance of accidental credential disclosure or unintended radio/network activity.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation includes realistic-looking LoRaWAN identifiers and keys in example OTAA configuration without clearly warning users that these values are placeholders and must never be reused for production deployments. In an agent skill context, users may copy-paste examples directly, increasing the risk of secret mishandling, accidental reuse of credentials, or committing real keys into source control.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The API documentation instructs users to provide ABP and OTAA network/application keys but gives no guidance on secure handling of those secrets. In a coding-assistant skill, this omission is riskier because generated code may encourage hardcoding sensitive credentials into source files, logs, or shared examples.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The MQTT example connects to a public remote broker over plaintext port 1883 with a predictable client ID and no authentication, but the documentation does not warn that messages are exchanged with an external shared service. This can expose test data, enable unintended interaction with third-party messages on the same topic, and normalize insecure messaging practices for users copying the sample.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The HTTP example sends data to an `http://` endpoint, which provides no transport encryption or server authentication. In documentation for network-enabled devices, this can normalize insecure defaults and expose transmitted data or requests to interception or tampering on the network path.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The MQTT example connects to a public broker over port 1883 with no TLS and no authentication, meaning messages may be readable or modifiable in transit and the broker is externally controlled. As sample code, this may lead users to deploy insecure messaging patterns in real NB-IoT applications.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The document includes microphone recording and file-saving examples without any notice about consent, privacy, or sensitive audio capture. In a coding assistant context, this can normalize adding ambient audio collection to projects without prompting developers to consider user notification, consent, retention, or secure handling of recordings.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The example continuously prints precise latitude, longitude, and altitude to the console without any privacy notice, minimization, or guidance about handling location data. In a documentation sample for embedded devices, this can normalize unsafe handling of highly sensitive geolocation data and lead downstream developers to expose real-time user/device location in logs or shared serial output.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This documentation provides a motor-control example that actively changes speed and direction without any warning about unexpected physical movement, pinch/entanglement risk, securing the device, or removing load before testing. In a coding assistant skill that may surface this example directly to users, omission of basic hardware safety guidance can lead to unsafe real-world operation even though the code itself is not overtly malicious.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The `set_speed` API directly controls actuator motion over a bidirectional range, but the docs present it as a normal parameterized call without any caution that changing sign can reverse direction and initiate hazardous movement. In this skill context, where users may rely on bundled docs to generate hardware-control code, lack of safety guidance increases the chance of accidental unsafe use.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The example directly actuates servos and DC motors but provides no safety warning about immediate physical movement, pinch hazards, or possible damage to connected mechanisms if assembled incorrectly. In a hardware-control coding skill, users often copy examples verbatim, so omission of a movement warning can plausibly lead to unintended actuation and minor hardware or physical injury.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This example binds a button press to motor-speed changes without warning that user interaction will immediately alter motor motion. That increases the risk of surprise actuation during testing, especially because the screen/button UI makes the action seem harmless while affecting real hardware.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation provides stepper-motor control examples that cause real physical movement but does not warn users about pinch, collision, overheating, load, or power-supply risks before running them. In a coding assistant skill for embedded hardware, omissions like this can lead users to execute code on connected devices without taking basic safety precautions, increasing the chance of equipment damage or minor physical injury.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation instructs users to run code that enumerates as a USB mouse and continuously sends cursor movement and click events to the connected host, but it does not warn that this will seize control of the host pointer and generate input. In a coding-assistant skill context, users may copy and run examples directly, so the missing warning increases the chance of unintended host interaction, disruption, or unsafe clicks on the developer’s machine.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.