Xiaomi/Mijia Smart Home Control

Security checks across malware telemetry and agentic risk

Overview

This is a real Xiaomi smart-home control skill, but it asks for raw account credentials and can operate cameras and multiple home devices without enough consent or safety boundaries.

Review before installing. Use only with a trusted xiaomi-home MCP server, avoid entering your main Xiaomi password unless the platform provides secure secret handling, and require explicit confirmation before camera access, bulk scenes, heater or AC changes, and any action affecting multiple devices.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands

Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill’s declared purpose is smart-home device control and status checks, but it also adds camera snapshot review and visual scene interpretation. That materially expands the data sensitivity from device telemetry to in-home surveillance imagery, creating a scope mismatch that can surprise users and enable collection or analysis of highly private household scenes.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The instruction to use a generic Read tool on image paths introduces broader file-access capability than is necessary for device control. If the returned path is manipulated or if the Read tool can access arbitrary local files, this can become an unintended file-reading primitive and also exposes sensitive camera images without tight capability boundaries.

Vague Triggers

High
Confidence: 86%
Finding
Example phrases like '客厅太暗了' ("the living room is too dark") and '家里空气不好' ("the air at home is bad") are conversational observations rather than explicit commands, yet the skill treats them as triggers for action. This increases the chance of unrequested device changes, especially in contexts where the user is only describing conditions or seeking advice.

Vague Triggers

Medium
Confidence: 86%
Finding
Example phrases like '客厅太暗了' ("the living room is too dark") and '家里空气不好' ("the air at home is bad") are conversational observations rather than explicit commands, yet the skill treats them as triggers for action. This increases the chance of unrequested device changes, especially in contexts where the user is only describing conditions or seeking advice.

Missing User Warnings

High
Confidence: 97%
Finding
The skill instructs users to provide their Xiaomi account username and password directly, but offers no safeguards, privacy notice, or secure credential-handling guidance. Direct collection of account credentials by the skill creates a severe risk of credential theft, reuse exposure, and compromise of the user’s smart-home account and connected devices.

Missing User Warnings

High
Confidence: 95%
Finding
Camera snapshot and image analysis operate on highly sensitive household surveillance content, yet the skill provides no warning, consent mechanism, or explanation of privacy implications. This can expose intimate information about occupants, guests, routines, and the home interior beyond what users expect from ordinary device control.

Missing User Warnings

Medium
Confidence: 88%
Finding
The scenario command '出门了' ("I'm heading out") is mapped to bulk actions such as turning off all devices without any confirmation or safeguards. In a home environment, mass shutdown can create safety, availability, or comfort issues, such as disabling necessary appliances or climate control due to a mistaken or ambiguous trigger.

VirusTotal

66/66 vendors flagged this skill as clean.
