Back to skill

Security audit

Roborock Vacuum Control

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Roborock vacuum-control skill with expected account and device-control risks, but no evidence of hidden or unrelated behavior.

Install only if you trust the python-roborock CLI and are comfortable giving it access to your Roborock/Xiaomi Home account and linked vacuums. Confirm device and room IDs before running cleaning or settings commands, enter credentials only into the CLI prompt, and treat map images, room IDs, and device IDs as private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description includes broad trigger phrases like 'clean floor', 'vacuum', and 'hoover', which can match ordinary conversation and cause the skill to activate unexpectedly. In this skill's context, accidental activation is more dangerous because the documented actions can control a physical device and start cleaning runs without strong confirmation.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill instructs users to enter Roborock account credentials and also documents retrieval and export of sensitive home-layout data such as maps and room information, but provides no privacy or local-handling warnings. This increases the risk of credential exposure, unsafe storage, or unintended disclosure of home interior information through logs, screenshots, saved files, or shared tool context.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.