Switchbot

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate SwitchBot controller, but it needs review because it can perform broad physical smart-home actions with persistent credentials and no confirmation safeguards.

Install only if you are comfortable granting ongoing control of your SwitchBot devices from this machine. Prefer storing the token and secret in a managed secret store, restrict or remove the raw command mode if you do not need it, and require explicit confirmation before lock/unlock, plug/appliance, or other safety-sensitive actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly instructs the agent to use shell commands and make networked API calls, but it does not declare corresponding permissions or provide an explicit trust boundary. In an agent ecosystem, undeclared capabilities reduce transparency and can cause the skill to be invoked in contexts where users or policy engines do not expect physical-device control or outbound communication.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The manifest describes limited device-specific operations, but the script exposes a generic `command` mode that allows arbitrary SwitchBot commands to be sent to any device ID. This expands the capability surface beyond what a user or orchestrator may expect and can enable unintended physical actions or misuse of devices such as locks, plugs, or other actuators.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This skill controls physical devices, including locks, plugs, lights, curtains, and humidifiers, yet the description lacks an explicit warning that actions may affect home security and the physical environment. Without a clear warning and confirmation expectation, an agent could carry out sensitive actions such as unlocking a door or powering devices without sufficient user awareness.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The `command` CLI path forwards arbitrary device commands directly to the SwitchBot API without any confirmation, safety interlock, or policy check. Because these commands can cause real-world state changes, this creates risk of accidental or unauthorized physical actions, especially in an agentic context where user intent may be misinterpreted.

Credential Access

High
Category
Privilege Escalation
Content
```bash
mkdir -p ~/.config/switchbot
chmod 700 ~/.config/switchbot

cat > ~/.config/switchbot/credentials.json << 'EOF'
{
  "token": "YOUR_TOKEN_HERE",
  "secret": "YOUR_SECRET_HERE"
```
Confidence
81% confidence
Finding
credentials.json

Session Persistence

Medium
Category
Rogue Agent
Content
### 2. Store Credentials Securely

```bash
mkdir -p ~/.config/switchbot
chmod 700 ~/.config/switchbot

cat > ~/.config/switchbot/credentials.json << 'EOF'
```
Confidence
84% confidence
Finding
```bash
mkdir -p ~/.config/switchbot
chmod 700 ~/.config/switchbot
cat > ~/.config/switchbot/credentials.json << 'EOF'
{ "token": "YOUR_TOKEN_HERE", "secret": "YOUR_SECRET_HERE" }
EOF
chmod 600 ~/.config
```

VirusTotal

VirusTotal findings are pending for this skill version.