Tuya Smart Control

Security checks across malware telemetry and agentic risk

Overview

The skill's behaviour mostly matches its stated purpose of Tuya smart-home control, but it can also access camera media and route camera images to AI vision analysis without clear data-egress disclosure or strong consent controls.

Review before installing. Only use this skill if you want an agent to control your Tuya devices and access camera captures. Protect TUYA_API_KEY, avoid overriding TUYA_BASE_URL unless you trust the endpoint, require explicit approval for camera capture or AI image analysis, and scope WebSocket monitoring or automations to specific devices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Severity: Medium, Confidence: 96%
Finding
The documentation instructs the agent to perform IPC visual recognition by downloading camera snapshots and sending them to an AI vision model, but this capability is not declared in the manifest. That mismatch hides a sensitive surveillance-related function from policy review and user consent checks, increasing the chance of unapproved processing of camera imagery.

Context-Inappropriate Capability

Severity: Medium, Confidence: 97%
Finding
The skill's stated scope is Tuya control and related Tuya platform interactions, but the workflow expands behavior to external AI vision processing of camera images. This introduces a new data egress path for highly sensitive home-surveillance content to a third party that is not disclosed in the data egress statement, materially raising privacy and compliance risk.

Intent-Code Divergence

Severity: High, Confidence: 98%
Finding
The skill claims image operations are unsupported, yet a documented workflow downloads decrypted camera images and analyzes them. This contradiction can bypass reviewer expectations and user safety assumptions, enabling sensitive image handling under the guise of a non-image-processing skill.

Missing User Warnings

Severity: Medium, Confidence: 91%
Finding
This documentation explicitly instructs the agent to issue state-changing commands to physical devices, but it provides no safety guidance such as requiring explicit user confirmation, validating the target device and requested property against the thing model, or warning that actions affect real-world equipment. In a smart-home control skill, this can lead to unintended or unauthorized physical actions such as powering devices, changing HVAC settings, or toggling plugs, especially if natural-language resolution is ambiguous.

Missing User Warnings

Severity: Medium, Confidence: 86%
Finding
The automation example reacts to live device events by immediately issuing device commands and sending notifications, which can create unintended physical actions or noisy alerting if users copy it without understanding the risks of event-driven triggers. In a smart-home context, acting on sensor data without clear warnings, validation, authorization boundaries, or safety checks increases the chance of unsafe or surprising behavior.

Missing User Warnings

Severity: Medium, Confidence: 87%
Finding
This documentation exposes bulk device-enumeration and per-device detail endpoints, including current property states, without any warning that the returned data may be sensitive. In this skill context, device names, room associations, online status, and live properties can reveal occupancy patterns, household layout, and camera or appliance state, which increases privacy and surveillance risk if an agent uses these endpoints too broadly or surfaces results unnecessarily.

Missing User Warnings

Severity: Medium, Confidence: 91%
Finding
This documentation exposes a workflow for triggering cloud capture on IPC cameras and retrieving decrypted media URLs, but it does not lead with strong privacy/authorization guardrails proportional to the sensitivity of camera access. In the context of a natural-language smart-home control skill, this increases the risk of unauthorized surveillance, accidental capture, or downstream implementation that treats decrypted URL retrieval as routine rather than requiring explicit, per-action user consent and access checks.

Missing User Warnings

Severity: Medium, Confidence: 86%
Finding
The CLI exposes camera snapshot and video capture operations that can retrieve privacy-sensitive IPC content using only positional arguments, with no explicit user-facing warning, confirmation, or higher-friction consent step in the command flow. In a natural-language agent skill for smart-home control, this increases the risk of covert or unintended surveillance actions if an upstream prompt, integration, or user misunderstanding triggers these commands.

VirusTotal

64/64 vendors flagged this skill as clean.