ClawHub

Embedded Dev

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only embedded development skill with broad Chinese-language guidance but no hidden execution, credential use, persistence, or data exfiltration behavior.

Install if you want an embedded/MCU reference skill. Treat its firmware, OTA, OpenOCD, GDB, and hardware examples as guidance to review before running on real devices, because incorrect embedded commands can damage or brick hardware even when the skill itself is benign.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description says it should be invoked for essentially any embedded-development, MCU, RTOS, motor-control, sensor, firmware, debugging, or deployment question, which is a very broad activation scope. Overly broad routing can cause the agent to select this skill when a narrower or safer skill would be more appropriate, increasing the chance of irrelevant guidance, policy bypass through misrouting, or accidental handling of adjacent high-risk topics.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The metadata and introductory content are written to operate in Chinese without offering a user-choice mechanism, which can force language behavior independent of user preference. This is mainly a quality and usability control issue, but it can also degrade safety if users misunderstand technical instructions or warnings because the response language is not explicitly negotiated.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal