system-controller Security Report — Low Risk | ClawSafe

15 /100

system-controller

Control Windows desktop software, hardware, and IoT devices

A legitimate Windows system control skill with well-documented capabilities; one unused shell:WRITE function (run_cmd with shell=True) exists as a latent risk but poses no active threat since it is never invoked by any module.

Skill Namesystem-controller

Duration46.3s

Enginepi

✓

Safe to install

Remove or lock down the unused run_cmd() function in scripts/common.py (shell=True + no argument validation). Otherwise the skill is safe to use for its stated purpose.

Findings 3 items

Severity	Finding	Location
Low	Unused shell=True execution path in common.py scripts/common.py defines run_cmd() which uses subprocess.run(shell=True) and passes os.environ.copy() to child processes. This function is never called by any module but is a latent risk: if ever invoked with untrusted input it could enable command injection. The function is also not declared in SKILL.md. `result = subprocess.run(command, capture_output=True, text=True, encoding='utf-8', errors='replace', timeout=timeout, shell=True, env=env)` → Remove run_cmd() entirely if unused, or restrict it to an allowlist of safe commands.	`scripts/common.py:44`
Low	Generic HTTP client accepts arbitrary URLs iot_controller.py's http_get/http_post/http_put accept any URL provided by the user and send arbitrary headers/body. While documented, this means the skill can be used as a general HTTP proxy if the user provides an arbitrary URL. `def http_get(url, path='', headers=None)` → This is by design for IoT use cases; document the limitation clearly.	`scripts/iot_controller.py:89`
Info	Auto-install of pip packages without version pinning iot_controller.py, serial_comm.py, and gui_controller.py auto-install dependencies via pip with no version constraints (pip install requests, pyserial, pyautogui, pillow). This is declared in SKILL.md but versions are unpinned, creating a supply-chain exposure. `subprocess.check_call([sys.executable, '-m', 'pip', 'install', 'requests', '-q'])` → Pin dependency versions (e.g., pip install requests==2.31.0) to ensure reproducible and secure builds.	`scripts/iot_controller.py:23`

Resource	Declared	Inferred	Status	Evidence
Shell	`WRITE`	`WRITE`	✓ Aligned	All scripts use subprocess.run/powershell — declared in SKILL.md Execution Model
Filesystem	`NONE`	`READ`	✓ Aligned	gui_controller.py:49 — screenshots written to screenshots/ subdir; not declared …
Network	`READ`	`READ`	✓ Aligned	iot_controller.py makes HTTP GET/POST to user-supplied Home Assistant URLs; decl…
Browser	`NONE`	`NONE`	—	N/A — no browser automation present
Database	`NONE`	`NONE`	—	N/A
Clipboard	`NONE`	`NONE`	—	N/A
Environment	`NONE`	`READ`	✓ Aligned	common.py:29 os.environ.copy() — only used to inject PYTHONIOENCODING; not used …
Skill Invoke	`NONE`	`NONE`	—	N/A

3 findings

🔗

Medium External URL 外部 URL

http://192.168.1.100:8123

references/command_reference.md:170

🔗

Medium External URL 外部 URL

http://192.168.1.50:8080

references/command_reference.md:190

🔗

Medium External URL 外部 URL

http://192.168.1.50/api

scripts/iot_controller.py:14

File Tree

9 files · 95.0 KB · 2758 lines

Python 7f · 2274L Markdown 2f · 484L

├─ ▾ 📁 references

│ └─ 📝 command_reference.md Markdown 227L · 6.4 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 common.py Python 79L · 2.2 KB

│ ├─ 🐍 gui_controller.py Python 655L · 23.3 KB

│ ├─ 🐍 hardware_controller.py Python 414L · 12.8 KB

│ ├─ 🐍 iot_controller.py Python 314L · 11.4 KB

│ ├─ 🐍 process_manager.py Python 197L · 6.4 KB

│ ├─ 🐍 serial_comm.py Python 256L · 8.2 KB

│ └─ 🐍 window_manager.py Python 359L · 12.2 KB

└─ 📝 SKILL.md Markdown 257L · 12.2 KB

Dependencies 5 items

Package	Version	Source	Known Vulns	Notes
`requests`	`*`	pip	No	Version not pinned; auto-installed by iot_controller.py
`pyserial`	`*`	pip	No	Version not pinned; auto-installed by serial_comm.py
`pyautogui`	`*`	pip	No	Version not pinned; auto-installed by gui_controller.py
`pillow`	`*`	pip	No	Version not pinned; auto-installed by gui_controller.py
`pytesseract`	`*`	pip	No	Optional; version not pinned; used for OCR in gui_controller.py

Security Positives

✓ All six modules' capabilities fully match SKILL.md declarations — no hidden functionality

✓ Process kill, shutdown, restart, and network adapter disable all require explicit user confirmation per SKILL.md safety rules

✓ No credential harvesting from ~/.ssh, ~/.aws, .env, or similar sensitive paths

✓ No base64-encoded payloads, reverse shells, eval() calls, or obfuscated code

✓ No remote script download (curl|bash, wget|sh patterns absent)

✓ No data exfiltration to external IPs — IoT calls go to user-supplied local URLs

✓ os.environ access is minimal (only PYTHONIOENCODING injection) with no sensitive key enumeration

✓ Input escaping present for PowerShell strings (replace "'", "''") to prevent injection

Scan Report

Findings 3 items

File Tree

Dependencies 5 items

Security Positives