Security audit

Ecovacs Mcp

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed robot-vacuum control skill, with the main caution that broad wording could make an assistant treat generic cleaning phrases as Ecovacs commands.

Install only if you want your assistant to control an Ecovacs robot vacuum. Protect the ECO_API_KEY, verify or pin the external ecovacs-robot-mcp package if possible, and configure your assistant to ask for explicit confirmation before starting, stopping, pausing, resuming, or docking the robot.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium, 89% confidence
Finding
The README encourages activation from very broad phrases like 'Start cleaning' or 'Is it charging?', which are common conversational utterances that may appear outside a clear Ecovacs-specific request. Because this skill can trigger real-world device actions, overly generic invocation guidance increases the chance of unintended activation and unauthorized or mistaken control of the robot vacuum.

Vague Triggers

Medium, 94% confidence
Finding
The skill declares very broad activation language such as references to 'vacuum,' 'mop,' 'clean the house,' and even implicit mentions without naming Ecovacs. That can cause the agent to invoke a device-control skill in situations where the user is speaking generically, increasing the chance of unintended physical-world actions on a robot vacuum.

Vague Triggers

Medium, 91% confidence
Finding
The natural-language mapping includes ambiguous phrases like 'stop,' 'pause,' 'dock,' 'go home,' and 'clean the floor' without requiring confirmation that the user means the robot vacuum. In a multi-skill environment, these generic phrases can be misrouted into real device commands, leading to unintended control of the vacuum.

Missing User Warnings

Medium, 93% confidence
Finding
The skill gives direct operational guidance for starting, stopping, and docking a physical robot without any warning that these commands can trigger real-world actions in the user's home. Because the skill explicitly maps natural-language requests to device-control commands and recommends action workflows, a user or agent could cause unintended movement or cleaning activity without clear consent or safety framing.

Vague Triggers

Medium, 93% confidence
Finding
The skill description is overly broad and instructs use for generic household-cleaning language even when the user does not explicitly mention Ecovacs. That can cause accidental invocation in unrelated contexts and lead to unintended real-world device actions such as starting, stopping, or docking a robot vacuum without sufficiently clear user intent.

Vague Triggers

Medium, 95% confidence
Finding
The natural-language mapping binds ambiguous terms like 'stop', 'pause', 'dock', and 'charge' directly to robot control actions without requiring confirmation or device-specific context. In a prompt-only skill, such loose mappings increase the chance that ordinary conversation is interpreted as a command, producing unauthorized or mistaken physical-world actions.

VirusTotal

65/65 vendors flagged this skill as clean.
