xiaodu-leave-home-mode-official

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed smart-home leave-home routine, but users should understand it can control home devices, read schedule/reminder information, and remember preferences.

Install only if you trust the existing xiaodu-control-official setup and understand which Xiaodu scenes and devices it can affect. Review or avoid saved preferences that skip future confirmations, especially anything involving locks, and be careful with broad trigger phrases or spoken calendar/reminder summaries in shared spaces.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (9)

Description-Behavior Mismatch

Severity: Medium | Confidence: 84%
Finding:
The test cases expand the skill from a 'leave-home checklist/device shutdown' flow into security-sensitive actions such as door-lock control and persistent preference handling. That broadening matters because locking a door and storing long-term behavior preferences are materially different capabilities that can affect physical security and user privacy if invoked without explicit, scoped consent and strong confirmation rules.

Context-Inappropriate Capability

Severity: Medium | Confidence: 89%
Finding:
Persisting user preferences to XIAODU_CONTEXT.md creates a long-term memory channel that outlives the immediate leave-home request, but the test cases do not define consent, retention, access controls, or limits on what may be stored. This can lead to silent accumulation of behavioral data and unintended future automation based on stale or overly broad preferences.

Context-Inappropriate Capability

Severity: Medium | Confidence: 93%
Finding:
The notes explicitly instruct the skill to persist inferred user preferences into XIAODU_CONTEXT.md, creating durable profile/state storage beyond the described one-shot leave-home automation flow. Persisting behavioral preferences without scoped consent, retention rules, or access controls can accumulate sensitive household patterns and expand the skill's authority over time.

Vague Triggers

Severity: Medium | Confidence: 92%
Finding:
The skill advertises broad, everyday trigger phrases such as “出门了”, “离家模式”, “出门前检查一下”, and “帮我把家里设备关一下”, which are common in normal conversation and can cause accidental invocation. In this skill’s context, unintended activation is more dangerous because the workflow may turn off lights, curtains, and HVAC and may prompt toward lock-related actions, affecting the physical home environment rather than only returning information.

Missing User Warnings

Severity: Medium | Confidence: 80%
Finding:
The tests assume automatic access to weather, calendar, and reminders, but calendar events and reminders can contain sensitive personal or work information. Without a user-facing notice or permission model, the skill may disclose private data during a convenience workflow in contexts where others can overhear or where the user did not expect those sources to be queried.

Missing User Warnings

Severity: Medium | Confidence: 90%
Finding:
The markdown specifies writing user preferences to a persistent context file without telling the user that their data will be stored. Undisclosed persistence is risky because it creates hidden state that can influence later actions and may expose personal habits or security preferences if the context store is accessed improperly.

Vague Triggers

Severity: Medium | Confidence: 91%
Finding:
The trigger phrases include broad everyday utterances such as '我走了', '关门关灯', and '帮我把家里设备关一下', which can be said conversationally without intending to invoke an automation. In a home-control skill, accidental activation can cause unintended device shutdown or lock-related prompts at the wrong time, making broad matching materially risky.

Vague Triggers

Severity: Low | Confidence: 86%
Finding:
Including weather-oriented phrasing like '出门前看看天气' as a trigger for the full leave-home routine blurs the boundary between a benign information query and a home-automation action. That increases the chance a user asking only for weather unintentionally triggers device shutdown logic or lock prompts.

Missing User Warnings

Severity: Medium | Confidence: 95%
Finding:
The documentation says user statements like '以后出门不用问,直接上锁' should be absorbed as formal preferences and written persistently, but provides no user-facing notice that these instructions will be stored. Silent persistence of household automation preferences can create privacy issues and future unsafe actions, especially when preferences affect security-sensitive operations like locking doors.

VirusTotal

65/65 vendors flagged this skill as clean.