Aqara Agent

Security checks across malware telemetry and agentic risk

Overview

This Aqara smart-home skill is purpose-aligned, but it asks users to paste a powerful home-control API key into chat and stores it locally while enabling real device, scene, firmware, and automation changes.

Install only if you trust this publisher and are comfortable giving the skill an Aqara API credential that can control your smart home. Treat assets/user_account.json and the chat where you paste the key like secrets, verify the login URL and API base URL before entering credentials, avoid broad or security-sensitive commands unless you are sure of the target, and rotate or revoke the Aqara key if the workspace or chat history may be exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (11)

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill supports impactful operations such as firmware upgrades, device control, scene execution, and automation creation, but the documentation emphasizes automatic execution rather than clear user-facing safety prompts for actions that can alter home behavior. In a smart-home context, silent or insufficiently confirmed changes can affect physical devices, security posture, energy usage, and occupant safety.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The login flow requires reading and writing `user_account.json` containing API keys and home-selection data, but there is no explicit privacy notice to the user about local storage, retention, or sensitivity of that session material. This increases the risk of users unknowingly exposing credentials or home metadata, especially on shared hosts or multi-tenant agent environments.

Ssd 3

High
Confidence
98% confidence
Finding
The prompt instructs users to paste an API credential directly into chat, which exposes a long-lived secret to the conversational system, logs, transcripts, analytics pipelines, and any downstream tooling with chat access. In a home-automation skill, that credential could enable broad control over devices, scenes, automations, and account-linked data if mishandled or later retrieved.

Ssd 3

High
Confidence
98% confidence
Finding
The Chinese locale repeats the unsafe behavior by asking the user to paste aqara_api_key into the conversation for automatic saving. Multilingual replication increases risk because the same secret-handling flaw is presented consistently to more users and normalizes sharing credentials in chat.

Ssd 3

High
Confidence
98% confidence
Finding
The Japanese locale instructs the user to place aqara_api_key into chat, again exposing a sensitive bearer credential through conversational channels not designed for secret entry. If accessed by unauthorized internal systems, support tooling, or compromised logs, the credential could be reused to control smart-home resources.

Ssd 3

High
Confidence
98% confidence
Finding
The Korean locale directs users to paste aqara_api_key into the conversation, creating unnecessary exposure of a sensitive access credential. Because this skill can manage devices and automations, leaked credentials could have real-world effects in the user's home environment.

Ssd 3

High
Confidence
98% confidence
Finding
The German locale asks users to insert aqara_api_key into chat for storage, which is an unsafe secret-handling pattern. Bearer-style API keys should not transit through general chat because they may be retained, indexed, or surfaced outside the intended authentication boundary.

Ssd 3

High
Confidence
98% confidence
Finding
The Spanish locale instructs users to paste the aqara_api_key value into the conversation, exposing an authentication secret in a medium likely subject to retention and operational access. In this skill's context, compromise could permit device control, scene execution, automation changes, and access to household telemetry.

Ssd 3

High
Confidence
98% confidence
Finding
The Russian locale tells the user to paste aqara_api_key into chat, which mishandles a sensitive access credential by placing it into a potentially logged and reviewable channel. Because the key appears sufficient for API access, unauthorized reuse could affect both privacy and physical device operations.

Ssd 3

High
Confidence
98% confidence
Finding
The Portuguese locale requests that users paste aqara_api_key into the conversation for automatic saving, repeating the same unsafe secret collection pattern. This increases the chance that users will disclose credentials into a channel where they may persist beyond the minimum necessary authentication step.

Ssd 3

High
Confidence
98% confidence
Finding
The Arabic locale also instructs users to paste aqara_api_key into chat, exposing a bearer credential in a conversational interface. Given the skill's home-automation capabilities, theft or leakage of this key could enable unauthorized monitoring or manipulation of the user's environment.

VirusTotal

64/64 vendors flagged this skill as clean.
