Kami Smarthome Suite

Security checks across malware telemetry and agentic risk

Overview

This smart-home installer is coherent, but it asks for broad install authority and stores camera/API/notification secrets across multiple local files, so users should review it carefully before installing.

Install only if you are comfortable with a bundle that downloads six related skills, installs Python dependencies, may alter your Python environment, and stores camera endpoints plus API and notification secrets locally in plaintext. Prefer interactive setup over passing keys on the command line, review generated config files, and avoid letting the skill run setup from a vague prompt without explicit confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium (93% confidence)
Finding
The installer can invoke `sudo apt update && sudo apt install -y ...` to add system packages, which exceeds the expected scope of a smart-home skill bundle installer and modifies the host OS. Even though it is gated behind an interactive prompt, this still expands the trust boundary substantially and creates risk from unnecessary privileged package operations.

Vague Triggers

Medium (76% confidence)
Finding
The trigger set includes broad phrases like `smart home suite`, `install all kami`, and `kami home assistant`, which can match generic user requests and cause this installer skill to activate unexpectedly. In this context, accidental activation is more dangerous because the skill's documented behavior includes downloading sub-skills, prompting for secrets, and running shell scripts.

Missing User Warnings

Medium (83% confidence)
Finding
The instructions tell the agent to write API keys and notification tokens into `kami_config.json` and then distribute them into multiple per-skill config files, but the storage risk is not prominently warned at the point of collection. This increases exposure of sensitive credentials by duplicating them across disk locations, making compromise more likely if the host or workspace is accessed by other processes or users.

Missing User Warnings

Medium (92% confidence)
Finding
The script accepts an API key via a command-line argument and then persists it to both `kami_config.json` and `~/.kami/credentials.json`. Command-line secrets are commonly exposed through shell history, process listings, logging, and CI job metadata, so this creates avoidable credential leakage risk even though the code is not overtly malicious.

Missing User Warnings

Medium (94% confidence)
Finding
The script accepts an API key as a positional command-line argument and rewrites it into a `--api-key` flag when invoking Python. Secrets passed on the command line can be exposed via shell history, process listings, audit logs, and debugging tools, which is especially relevant here because this is a centralized SmartHome suite and the key may grant broad access across multiple integrated skills.

Missing User Warnings

Medium (90% confidence)
Finding
The script automatically creates a new conda environment (`conda create -n km310 ...`) without an explicit confirmation step in this code path. Silent creation of environments changes the user's development/runtime setup, can consume disk space, and may interfere with existing workflows in a way users do not expect from a bundle installer.

Missing User Warnings

Medium (90% confidence)
Finding
In the fallback path, the installer again creates a conda environment automatically without prior user approval. Repeated hidden environment creation increases operational risk and makes the installer more invasive than necessary for a smart-home skill bundle.

VirusTotal

VirusTotal findings are pending for this skill version.
