RDK X5 App Resources
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill is coherent for RDK X5 hardware demos, but users should be careful because it guides the agent to run local hardware-control scripts that may need elevated permissions.
This skill appears benign and purpose-aligned for RDK X5 development. Before using it, confirm you are on the intended board, review commands that touch GPIO/cameras/buses, and avoid running hardware demos with root privileges unless you understand the effect.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the suggested demos could toggle GPIO pins, control relays or motors, access cameras, or interact with attached buses.
The skill intentionally enables commands that interact with physical hardware and media devices. This is aligned with the skill purpose, but the actions can affect connected devices.
including GPIO control, I2C/SPI communication, video capture, media processing, and AI inference
Use only on the intended RDK X5 board, confirm wiring and peripherals before running commands, and ask the agent to explain any hardware-impacting command before execution.
If commands are run as root or with device permissions, mistakes may affect hardware state or system resources more broadly than an ordinary user command.
The skill discloses that elevated or hardware-level permissions may be needed. This is expected for board hardware demos, but it increases the impact of mistakes.
Most operations require root privileges or proper hardware permissions
Grant elevated privileges only for specific, understood commands and avoid unattended or broad root execution.
The reviewed artifact does not prove what the referenced /app scripts on a device will do.
The skill itself is instruction-only, but its provenance is not documented and it refers users to board-local scripts that were not included in the supplied review artifacts.
Source: unknown; Homepage: none
Use this with a trusted RDK X5 image and inspect or verify board-local scripts before running sensitive hardware or root-level demos.