cmaiot-basic-general-kit

Security checks across malware telemetry and agentic risk

Overview

This is a coherent China Mobile AIoT helper, but it can control real devices and reveal video stream URLs, and it stores API keys locally.

Install only if you intend to let the agent manage your China Mobile AIoT devices. Protect the generated config.json file, rotate keys if it may be exposed, confirm exact device names and actions before any set/call/create/enable/disable command, and avoid sharing raw live-stream URLs or full command output outside trusted contexts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

High (97% confidence)

The `call` command uses an undefined `serviceId` variable instead of the parsed path component, so service invocations will fail unexpectedly. In an automation/security context, this can cause operators to believe a control action was issued when it was not, leading to unsafe or inconsistent device state handling.

Missing User Warnings

Medium (88% confidence)

These commands allow enabling, disabling, setting properties, and invoking services on physical IoT devices, but the documentation provides no safety warning, confirmation requirement, or authorization guidance for potentially disruptive actions. In an operational environment, misuse or prompt injection could cause service interruption, unsafe state changes, or unintended control of customer equipment.

Missing User Warnings

Medium (93% confidence)

The skill can retrieve live-stream addresses for video devices, which may expose surveillance feeds or sensitive internal camera endpoints if used without clear privacy safeguards. Because these URLs can grant direct access to live video, accidental disclosure in chat output, logs, or to unauthorized users could create serious privacy and security exposure.

Missing User Warnings

Medium (94% confidence)

The skill stores product access keys in plaintext JSON on local disk without warning, protection, or access control. Anyone with filesystem access to the host or workspace can recover these credentials and use them to query or control devices on the associated AIoT platform.

VirusTotal

65/65 vendors flagged this skill as clean.
