ecovacs-skills-deebot-control

Security checks across malware telemetry and agentic risk

Overview

This skill transparently controls Ecovacs robot vacuums, but users should treat the access key like a password and confirm any command that moves the robot.

Install only if you want an assistant to control your Ecovacs vacuum. Keep the AK private, avoid pasting real keys into shared chats or URLs, use only the official regional portal or a trusted self-hosted gateway, and confirm the exact device and area is safe before any cleaning or docking action.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 87% confidence
Finding: The skill documentation instructs users to store an Ecovacs access key in environment variables or a local session file and to use networked commands, but the skill declares no permissions for env, file_write, or network. This mismatch is a real security issue because it hides the skill's actual capability surface from reviewers and users, reducing informed consent and increasing the chance that secrets are handled or transmitted without proper scrutiny.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The README describes capabilities that can start, pause, or dock a physical robot vacuum but does not clearly warn users that these commands cause real-world actions in the physical environment. In an agent skill context, missing this warning increases the risk of accidental or misunderstood actuation around people, pets, obstacles, or unsafe situations, especially when commands are issued conversationally.

External Transmission

Medium

Category: Data Exfiltration
Content: **Device list** ```bash curl -sS "${BASE_URL}/robot/skill/deviceList?ak=YOUR_AK" ``` **Control**: `POST /robot/skill/ctl` with JSON `ak`, optional `nickName` (fuzzy match on list), and `ctl.cmd` / `ctl.data`.
Confidence: 94% confidence
Finding: curl -sS "${BASE_URL}/robot/skill/deviceList?ak=YOUR_AK" ``` **Control**: `POST /robot/skill/ctl` with JSON `ak`, optional `nickName` (fuzzy match on list), and `ctl.cmd` / `ctl.data`. ```bash curl

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal