YZL-AIoT

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can control real IoT water valves immediately from broad natural-language prompts, with no confirmation step between the prompt and the physical action.

Install only if you are authorized to control the connected YZL devices and you accept that a natural-language prompt can open or close a valve immediately. Prefer explicit manual commands with verified device IDs, and do not delegate this skill to autonomous workflows unless you add a confirmation or approval layer in front of the device commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers (Medium severity, 85% confidence)

The activation phrase and invocation scope are broad for a skill that can issue real-world control commands such as opening valves. Broad matching increases the chance that ordinary conversation or loosely related prompts trigger device actions unexpectedly, especially because the skill advertises one-shot natural-language control with embedded credentials.

Vague Triggers (Medium severity, 93% confidence)

Examples like '获取传感器数据' (get sensor data), '打开电磁阀' (open the solenoid valve), and '关闭水阀' (close the water valve) are generic everyday phrases that can easily overlap with ordinary user requests. In this skill's context that overlap is more dangerous than usual because the commands affect physical IoT equipment, potentially causing unintended valve actuation or data disclosure.

Missing User Warnings (Medium severity, 88% confidence)

The skill prominently advertises remote control of valves but does not include a clear safety warning about physical-world consequences, authorization expectations, or the need to verify the target device before execution. For an AIoT skill, this omission materially increases risk because mistaken or unauthorized actuation can affect irrigation systems, water flow, or connected infrastructure.

Missing User Warnings (High severity, 91% confidence)

The `cmd_send` path can issue remote control commands to IoT devices immediately, with no local confirmation, allowlist, or safety interlock. In an automation or agent setting, a mistaken or adversarial prompt could trigger irreversible physical actions such as opening valves or changing device state without operator review.

Missing User Warnings (High severity, 96% confidence)

The natural-language smart command path maps broad phrases like '打开电磁阀' (open the solenoid valve) or '关闭水阀' (close the water valve) directly to real device control operations and executes them without confirmation. This is dangerous because ambiguous language, prompt injection, or user misunderstanding can cause immediate physical-world effects on connected infrastructure.
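The two High findings above (the unguarded `cmd_send` path and the natural-language smart command path) both come down to the same missing layer: a device allowlist plus an operator confirmation step between the agent and the actuator. The following is an added example of such an interlock; it is not code from the YZL-AIoT skill. The transport function `cmd_send(device_id, command)`, the device IDs, the command verbs, and the explicit `device=<id> cmd=<verb>` request form are all assumptions made for the example.

```python
"""Confirmation/allowlist interlock in front of an IoT command path.

Added example, not part of the YZL-AIoT skill. The transport function
cmd_send(device_id, command), the device IDs, the command verbs and the
explicit 'device=<id> cmd=<verb>' request form are all assumptions.
"""
import re
import secrets
import time

SENT = []  # record of commands that actually reached the transport


def cmd_send(device_id: str, command: str) -> dict:
    """Stand-in for the skill's cmd_send; its real signature is not known."""
    SENT.append((device_id, command))
    return {"status": "sent", "device": device_id, "command": command}


# Constructed allowlist: device IDs the operator has verified, mapped to the
# commands each device may receive. Anything absent here is refused.
ALLOWLIST = {
    "yzl-valve-0012": {"open_valve", "close_valve", "get_sensor"},
    "yzl-sensor-0007": {"get_sensor"},
}
# Commands with physical-world effects; these never execute without confirm().
ACTUATING = {"open_valve", "close_valve"}
TOKEN_TTL = 120  # seconds a proposed action stays confirmable

# Only this explicit form is accepted from the agent. Free text is not mapped
# to device operations, so a phrase like '打开电磁阀' on its own never reaches a valve.
EXPLICIT = re.compile(r"^device=(?P<dev>[\w-]+)\s+cmd=(?P<cmd>\w+)$")


class Interlock:
    def __init__(self, allowlist, now=time.time):
        self.allowlist = allowlist
        self.now = now  # injectable clock so expiry can be tested
        self.pending = {}  # token -> (device_id, command, expiry)

    def request(self, device_id: str, command: str) -> dict:
        """Agent-facing entry. Read-only commands run; actuating ones are
        parked as a one-time proposal that an operator must confirm."""
        allowed = self.allowlist.get(device_id)
        if allowed is None:
            return {"status": "rejected", "reason": "device not in allowlist"}
        if command not in allowed:
            return {"status": "rejected", "reason": "command not permitted for device"}
        if command not in ACTUATING:
            return cmd_send(device_id, command)
        token = secrets.token_urlsafe(16)
        self.pending[token] = (device_id, command, self.now() + TOKEN_TTL)
        return {"status": "pending", "token": token,
                "summary": f"{command} on {device_id} (confirm to execute)"}

    def confirm(self, token: str) -> dict:
        """Operator approval. Tokens are single-use and expire."""
        entry = self.pending.pop(token, None)
        if entry is None:
            return {"status": "rejected", "reason": "unknown or already used token"}
        device_id, command, expiry = entry
        if self.now() > expiry:
            return {"status": "rejected", "reason": "proposal expired"}
        return cmd_send(device_id, command)


def handle_prompt(lock: Interlock, text: str) -> dict:
    """Hardened replacement for a natural-language 'smart command' path."""
    m = EXPLICIT.match(text.strip())
    if not m:
        return {"status": "rejected",
                "reason": "explicit device id and command required"}
    return lock.request(m["dev"], m["cmd"])


if __name__ == "__main__":
    lock = Interlock(ALLOWLIST)
    print(handle_prompt(lock, "打开电磁阀"))                    # rejected: no device id
    proposal = handle_prompt(lock, "device=yzl-valve-0012 cmd=open_valve")
    print(proposal)                                             # pending, with token
    print(lock.confirm(proposal["token"]))                      # sent
    print(lock.confirm(proposal["token"]))                      # rejected: token reused
```

The confirm() call is the hook for whatever approval channel the deployment already has (a chat reply from a human, a ticket, a physical button); the agent itself should never hold a path from request() straight to cmd_send for an actuating command. Read-only commands such as get_sensor pass through, which keeps the skill usable while removing the one-shot valve control the findings object to.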

VirusTotal

VirusTotal findings are pending for this skill version.
