Xiaodu Control
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears coherent and purpose-aligned for Xiaodu device control, but it needs a Xiaodu access token and can operate sensitive smart-home and camera functions.
Install only if you trust this skill and the dueros-iot-mcp runtime with your Xiaodu token. Keep the mcporter config private, review or pin the npx dependency if possible, and require clear confirmation before camera, lock, whole-home, timer, or scene-trigger actions.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or anything that can use the saved mcporter configuration may be able to access or control the user’s Xiaodu devices until the token is revoked or expires.
The skill stores the Xiaodu access token in mcporter home-scope configuration and passes it to both the Xiaodu HTTP server and IoT MCP process. This is expected for the stated purpose, but it grants real account/device authority.
mcporter config add xiaodu ... --header "ACCESS_TOKEN=$TOKEN" ... --scope home; mcporter config add xiaodu-iot ... --env "ACCESS_TOKEN=$TOKEN" ... --scope home
Use this only on trusted machines, keep ~/.mcporter/mcporter.json private, avoid pasting tokens in shared logs, and revoke or rotate the token if it may have been exposed.
Mistaken or overly broad commands could turn devices on/off, trigger scenes, or access a smart-screen camera.
The documented tools can affect the physical environment, trigger scenes, and capture photos. The same document includes confirmation guidance for higher-risk actions, so this is a disclosed, purpose-aligned risk rather than hidden behavior.
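Smart-screen capabilities (`xiaodu`) ... take photo ... IoT basic control ... on/off ... scene trigger ... high-risk actions ... door lock open/close ... whole-home batch device on/off ... confirm first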
Confirm the exact device, room, scene, and action before running controls, and require explicit confirmation for cameras, locks, whole-home actions, timers, or ambiguous scene names.
The npm package used for IoT control can execute locally and receives the Xiaodu token; if the package or its supply chain were compromised, the token and device controls could be at risk.
The IoT server is configured to run an unpinned npm package via npx -y and receive the access token. This is disclosed and central to the IoT integration, but the package contents/provenance are outside the reviewed artifacts.
--command npx --arg -y --arg dueros-iot-mcp --env "ACCESS_TOKEN=$TOKEN"
Use a trusted version/source for dueros-iot-mcp, consider pinning a known-good version where possible, and review/limit token scope and lifetime.
Local workspace files may reveal device identifiers, rooms, and home layout/status information; unusual device names could also appear as text in later agent context.
The refresh script writes persistent local JSON/Markdown snapshots containing device names, rooms, CUIDs, client IDs, and statuses. This is useful for the skill, but it is sensitive home-inventory context that may be reused later.
OUT_DIR="${XIAODU_WORKSPACE_DIR:-$HOME/.openclaw/workspace/xiaodu-control}" ... SUMMARY_MD="$OUT_DIR/device-summary.md" ... item.get('cuid') ... item.get('client_id')
Treat saved device summaries as private data, delete them when no longer needed, and ensure agents treat device names and scene names as data rather than instructions.
