Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Aqara OpenAPI Local
v1.0.3
Route Aqara Open API requests across device, space, and automation skills with a relationship-first router, shared CLI contract, and structured handoff contr...
⭐ 1 · 26 · 0 current · 0 all-time
by AIOT Open Cloud @aqara
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, and code files implement an Aqara Open API CLI/router. Required binary (node) and the two environment variables (AQARA_ENDPOINT_URL, AQARA_OPEN_API_TOKEN) directly correspond to the declared purpose of calling the Aqara Open API. Binaries, files, and features (device cache, spaces, automations) are coherent with the stated functionality.
Instruction Scope
SKILL.md stays within the domain of Aqara API operations: routing intents, using a cache (data/devices.json), invoking the local 'aqara' CLI entrypoint, and performing specific whitelisted request types. It explicitly forbids printing tokens and writing secrets to shell startup files. One mismatch: the runtime instructions say the CLI will fall back to reading the AQARA CLI config at ~/.aqa/config.json if env vars are missing, but the skill metadata declared no required config paths — that file access is sensitive and should be noted.
Install Mechanism
No remote install/download steps are declared. The package includes Node.js source and a bin entry (bin/aqara-open-api.js); execution requires only 'node'. There are no external URLs or archive extracts in the install spec. This is a low-risk install mechanism in the sense that nothing is fetched from arbitrary remote hosts by the installer.
Credentials
The two required environment variables are proportional and expected for an API client: AQARA_ENDPOINT_URL and AQARA_OPEN_API_TOKEN. The SKILL.md also documents a fallback to the AQARA CLI config file (~/.aqa/config.json) for credentials; that config file was not listed in the skill's declared required config paths. Reading that file is reasonable for a CLI but is a sensitive operation that should be explicitly declared to users.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does write a local cache file (data/devices.json) as part of normal operation and may instruct users to run 'aqara config set-token' which writes to the AQARA CLI config (~/.aqa/config.json). Those are expected for a CLI that stores tokens and caches devices, but they do modify user files outside the package root and should be considered when granting the skill access.
Scan Findings in Context
[pre-scan-injection-none] expected: Static pre-scan reported no injection signals. Given the package is a local CLI with source files, lack of pre-scan hits is not surprising; manual review of network/http code is still recommended before execution.
Assessment
This package appears to do what it says: it's a Node-based local CLI/router for the Aqara Open API and legitimately needs your Aqara endpoint and bearer token. Before installing or running it, consider:
1) The skill will look for credentials first in your environment variables and then in the AQARA CLI config file (~/.aqa/config.json). If you do not want the skill to read or modify that file, provide AQARA_ENDPOINT_URL and AQARA_OPEN_API_TOKEN in the environment instead.
2) The CLI writes a device cache to data/devices.json in the package directory — that will contain device IDs and metadata from your account.
3) There is no remote installer; the package contains Node source that will run locally. If you don't fully trust the source, review bin/aqara-open-api.js and lib/http.js to inspect network calls and ensure no unexpected endpoints or telemetry exist, or run the CLI in an isolated environment (container or VM).
4) The SKILL.md explicitly warns not to print tokens, but you should still avoid pasting real credentials into untrusted consoles.
If you want the evaluator to take a closer look, provide the contents of bin/aqara-open-api.js and lib/http.js and I can call out any unexpected network endpoints or exec calls.
lib/commands.js:105
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🏠 Clawdis
Bins: node
Env: AQARA_ENDPOINT_URL, AQARA_OPEN_API_TOKEN
