yzl-iot-api

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned for Yunzhilian IoT management, but it can directly control real-world valves from broad natural-language commands without confirmation or clear safety scoping.

Install only if you trust the publisher and understand the Yunzhilian devices tied to your API key. Treat this as a Review item: configure the API key with the least device authority available, avoid using it in unattended or voice-triggered contexts, and require your agent workflow to confirm the exact target device and open/close action before sending valve commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability
Severity: High (95% confidence)
Finding: The generic send interface allows arbitrary command types and arguments to be transmitted to remote IoT devices, far beyond the narrowly described 'open switch/get data' use case. In an IoT context, this materially expands the attack surface and can enable unauthorized or unintended physical actions if an agent, prompt, or user supplies unexpected command payloads.

Vague Triggers
Severity: Medium (89% confidence)
Finding: The skill advertises broad activation phrasing and everyday commands such as opening switches or getting data, which can overlap with normal conversation. In a skill that can control physical IoT devices, ambiguous triggers raise the risk of unintended invocation and unauthorized real-world actions.

Vague Triggers
Severity: Medium (94% confidence)
Finding: The quick-use examples are short, generic phrases like '打开电磁阀' ("open the solenoid valve") and '关闭水阀' ("close the water valve") with no explicit invocation delimiter or safety confirmation. Because these commands actuate remote valves, accidental triggering could cause water flow changes, equipment issues, or operational disruption.

Vague Triggers
Severity: Medium (91% confidence)
Finding: The natural-language examples use common conversational requests like '帮我看看传感器数据' ("show me the sensor data") and '打开电磁阀' ("open the solenoid valve") without exclusions, authentication context, or confirmation. In a voice- or chat-driven environment, these broad phrases increase the chance of accidental or socially engineered device control.

Missing User Warnings
Severity: Medium (93% confidence)
Finding: The documentation normalizes remote valve control but does not warn that these commands affect physical infrastructure. Without safety messaging, users may underestimate the consequences of issuing commands that can alter irrigation, cause flooding, or disrupt operations.

Missing User Warnings
Severity: High (97% confidence)
Finding: The smart action handler directly opens or closes a valve based on loose natural-language matching and immediately sends a control command without an explicit confirmation step. Because this affects physical equipment, accidental invocation, ambiguous phrasing, or prompt-driven misuse could cause unsafe real-world consequences such as unintended water flow or service disruption.

Missing User Warnings
Severity: Medium (91% confidence)
Finding: The generic command sender performs remote device control with no user-facing safety notice, confirmation, or policy checks around dangerous operations. While this overlaps with the broader arbitrary-command issue, the absence of a warning/confirmation layer independently increases the likelihood of accidental or socially engineered device actions.

VirusTotal

64/64 vendors flagged this skill as clean.