Back to skill

Security audit

Alexa CLI

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate Alexa control skill, but it gives an agent broad smart-home and Alexa account access without clear safety or privacy guardrails.

Install only if you trust the alexacli upstream project and want an agent to control Alexa devices. Require explicit user confirmation before locks, thermostats, alarms, purchases, or whole-home announcements, and treat calendar, history, and conversation outputs as private. Protect or remove ~/.alexa-cli/config.json when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly enables natural-language smart home control, including locks, lights, and thermostats, but provides no warning that these actions can change real-world device state or affect physical security. In an agent context, this omission is dangerous because a user may invoke the skill without realizing that ambiguous or delegated commands could unlock/lock access points, alter home conditions, or broadcast to devices.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill includes commands for retrieving calendar data, history, and conversation fragments, which may expose sensitive personal information, but it does not warn about privacy implications. In an agent setting, this increases the risk of unintentionally surfacing private household activity, schedules, device usage, or prior voice interactions to the wrong user or context.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.