小米智能家居 (Xiao Mi Home for HA)

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill matches its smart-home purpose, but it gives the agent broad Home Assistant control through a long-lived token without clear service/entity limits or confirmation safeguards.

Install only if you are comfortable giving the agent persistent Home Assistant access. Use a restricted HA account/token if possible, avoid broad automations unless needed, and require confirmation before the agent changes device states or triggers scenes.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
High
What this means

If invoked incorrectly, the agent could turn devices on or off, change climate settings, trigger scenes, or run automations in the user's home.

Why it was flagged

The skill exposes broad Home Assistant service-calling authority rather than limiting actions to a defined set of safe Xiaomi entities or services.

Skill content
Call any HA service (scripts, scenes, automations)
Recommendation

Limit the token and skill to specific entities/services where possible, and require explicit user confirmation before any state-changing Home Assistant POST request.

ASI03: Identity and Privilege Abuse
High
What this means

A long-lived HA token stored for the skill could allow broad smart-home control across sessions if misused or exposed.

Why it was flagged

The skill requires a persistent Home Assistant token, which can carry broad account/device privileges; this sensitive credential requirement is not reflected in the supplied registry metadata.

Skill content
`HA_TOKEN` | Long-Lived Access Token | ✅ Required
Recommendation

Use the least-privileged Home Assistant account/token available, rotate the token if no longer needed, and avoid sharing it in chat logs or other visible channels.

ASI08: Cascading Failures
Medium
What this means

One mistaken command could propagate through Home Assistant automations and change several devices or household routines at once.

Why it was flagged

Scenes, scripts, and automations can affect multiple devices or routines from a single service call, and the artifacts do not document containment or rollback safeguards.

Skill content
Call any HA service (scripts, scenes, automations)
Recommendation

Keep automations/scripts out of scope unless explicitly requested, and add confirmation for actions that trigger scenes, scripts, or multi-device automations.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing global packages can introduce third-party code onto the user's machine.

Why it was flagged

The optional fallback installs an unpinned global npm package; this is disclosed and user-directed, but it adds ordinary dependency-provenance risk.

Skill content
npm i -g node-jq   # the jq command is available after installation
Recommendation

Prefer the OS package manager for jq, or pin and verify any npm package before installing it globally.