Security audit
Sonoff
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed SONOFF/eWeLink automation guide with real device-control capability, but its access and safety gates are purpose-aligned.
Install only if you want an agent to help inspect or control SONOFF devices. Keep write actions in guided mode, use a least-privilege eWeLink token from the environment, manually confirm high-impact or bulk device changes, and avoid storing raw credentials in ~/sonoff.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
