Back to skill

Security audit

Duwi Smart Home

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Duwi smart-home controller, but it needs Review because it can immediately control physical devices and handles secrets in risky ways.

Install only if you are comfortable giving an agent access to control your Duwi-connected home. Prefer interactive secret entry, avoid putting passwords or APPKEY/SECRET values in shell commands, protect or remove the local JSON credential/token files when not needed, and use exact device numbers or precise room/device names before allowing physical actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The verify_credentials() method unconditionally overwrites self.access_token with the literal value "credentials_test", which mutates client authentication state during what should be a read-only validation check. If called in a live session, it can invalidate subsequent authenticated operations or trigger unintended token refresh/logout behavior, causing denial of service or state corruption for the client.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This skill controls physical devices including breakers, curtains, HVAC, floor heating, and scene execution, yet the documentation does not require explicit confirmation or warn about real-world consequences before taking action. In a smart-home context, mistaken or unauthorized execution can affect occupant safety, privacy, equipment operation, or energy usage, making the missing safeguards materially risky.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script explicitly supports passing APPKEY and SECRET on the command line, which can expose these secrets through shell history, process listings, job logs, and telemetry on multi-user or managed systems. Although this is framed as a convenience feature for non-interactive use, it is a real secret-handling weakness because the file stores long-lived application credentials for a smart-home platform.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.25.0

# 可选:用于更高效的 JSON 处理
# ujson>=5.0.0
Confidence
90% confidence
Finding
requests>=2.25.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
97% confidence
Finding
requests

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.