Imou Open Device Config

Security checks across malware telemetry and agentic risk

Overview

This skill is disclosed as an Imou camera configuration tool, but it gives broad command authority over real devices without tight built-in scoping.

Install only if you are comfortable giving this skill control over Imou devices reachable by your developer credentials. Set IMOU_BASE_URL explicitly to the correct official region, protect IMOU_APP_SECRET, and treat every set, property-set, and service command as a real device-control action that should be reviewed before execution.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (9)

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The file’s documented purpose is limited to device security configuration such as motion detection and privacy mode, but it also exposes generic thing-model reads, arbitrary property writes, and service invocation. That scope expansion materially increases what a caller can change on a device and can enable unintended or unauthorized operations beyond the declared security-config use case.

Context-Inappropriate Capability

High

Confidence: 96% confidence
Finding: cmd_service_invoke accepts an arbitrary service ref and attacker-controlled JSON content, then forwards it directly to the IoT control API. In a skill advertised for security configuration, this creates an overly broad device-control primitive that could trigger sensitive device actions unsupported by the stated purpose, especially if exposed through an agent or automation layer.

Intent-Code Divergence

Medium

Confidence: 88% confidence
Finding: The CLI description says the tool manages motion plan, sensitivity, and privacy mode, but the parser also registers generic IoT model, property-get/set, and service commands. This mismatch can mislead users, reviewers, and policy controls about the true capability surface, increasing the chance that broad device-control features are granted under a narrower trust assumption.

Description-Behavior Mismatch

Medium

Confidence: 96% confidence
Finding: The thing-model functions allow callers to read arbitrary product models, set arbitrary properties, and invoke arbitrary services on devices, which substantially exceeds the stated scope of motion detection, sensitivity, and privacy-mode configuration. In a device-management skill, this creates a broad remote-control primitive that could be abused to change unrelated security or operational settings if higher-level caller restrictions are weak or absent.

Context-Inappropriate Capability

Medium

Confidence: 97% confidence
Finding: `iot_device_control` accepts an arbitrary service `ref` and arbitrary `content`, then dispatches it directly to the vendor API. Because service invocation can trigger powerful device actions beyond camera privacy or motion settings, this is an over-broad command channel inconsistent with the skill's stated purpose and increases the blast radius of misuse.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The document instructs use of an admin access token with multi-day validity but provides no warning that the token is highly privileged, sensitive, or equivalent to administrative control over devices. In a skill that manages live security-device settings, this omission increases the chance of unsafe handling, logging, sharing, or casual use of credentials that could enable unauthorized device control.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The reference describes APIs that toggle privacy mode, motion detection, and broader device-control behaviors without warning that these actions materially change real-world surveillance and privacy posture. In this skill context, disabling privacy mode or altering detection behavior can affect physical monitoring, user consent, and security coverage, making silent or poorly understood state changes dangerous.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: Unlike the scoped camera/privacy methods, `set_iot_device_properties` is a generic arbitrary-property write primitive. In the context of a skill advertised for limited security configuration, this enables modification of any writable thing-model property exposed by the product, potentially including unrelated or more sensitive device behaviors.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: This function sends arbitrary remote commands to the device via the IoT service interface without any built-in scoping or approval checks. In this skill context, that is dangerous because it turns a narrowly described configuration tool into a general-purpose remote command executor against connected devices.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal