ClawHub

Mijia Control

Security checks across malware telemetry and agentic risk

Overview

This Xiaomi smart-home skill is mostly purpose-related, but it asks for sensitive home-control credentials and includes under-scoped automation that can infer occupancy and trigger a physical feeder.

Install only if you are comfortable giving the skill Xiaomi cloud-level control over home devices and lock-related telemetry. Before use, confirm exactly which devices and automations are enabled, avoid storing tokens in plaintext if possible, disable any cron or lock-event-based feeder automation unless you explicitly want it, and rotate Xiaomi credentials if they are exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documents shell execution, local file reads/writes, and handling of persistent credential/state files, but does not declare permissions for those capabilities. This creates a transparency and policy gap: users and reviewers cannot accurately assess what the skill can access, and an over-privileged or unexpectedly invoked skill could perform sensitive local operations without explicit disclosure.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The declared purpose is Xiaomi device control and automation, but the skill also describes occupancy inference from door-lock logs, automatic fish-feeding based on presence/absence, persistent state tracking, and XiaoAI TTS. Those undeclared behaviors materially expand the privacy and safety impact of the skill, especially because door-lock telemetry reveals user routines and departure events.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The fish-feeding workflow is functionally distinct from ordinary smart-home control because it monitors lock events, infers that a person has left home, and triggers a physical device automatically while maintaining daily state. This is a scope expansion that can surprise users and increases both privacy exposure and the chance of unintended physical actions.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The documentation instructs users to extract Xiaomi authentication material from browser cookies and login flows, including serviceToken and ssecurity. These are highly sensitive session credentials; exposing or mishandling them can enable full cloud control of devices and access to device metadata, making credential theft or accidental leakage particularly dangerous.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The registry contains capabilities beyond straightforward device control, including a smart lock entry and an automation scene that links lock events to fish-feeding behavior. In a smart-home control skill, expanding from direct actuation/status into occupancy inference and cross-device automation increases privacy and safety risk because it enables monitoring of user presence and triggers physical actions unrelated to the immediate user request.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The scene definition documents persistent state tracking and cron polling based on door-lock auto-lock events, which goes beyond direct Xiaomi device control and creates an occupancy-monitoring signal. Even if intended for convenience, tying lock events to background automation can reveal presence/absence patterns and trigger device actions without an explicit real-time user command.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
This script materially extends the skill from generic smart-home control into occupancy inference and automated pet care based on door-lock telemetry. Even if intended as convenience automation, using lock events to infer when the user has left home introduces privacy-sensitive behavior outside the declared scope, which can surprise users and enable misuse of presence data.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The code reads door-lock event history and interprets an auto-lock event as proof that the user has left home. Door-lock telemetry is highly sensitive because it reveals occupancy patterns and daily routines; in the context of a smart-home control skill, this is more dangerous because the manifest does not clearly justify surveillance-like access to lock history.

Context-Inappropriate Capability

Medium
Confidence
80% confidence
Finding
The script invokes a fish-feeder action that is outside the described examples and stated scope of the mijia-control skill. While controlling a Xiaomi device is not inherently unsafe, hidden or undocumented device actuation broadens the skill's authority and can lead to unexpected physical actions by users who did not consent to this automation behavior.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list includes broad phrases like 'smart home', 'turn on/off', and 'any home device control request,' which can cause the skill to activate for ambiguous or generic requests. In a skill that can change physical device state, overbroad invocation increases the risk of unintended actions such as turning devices on or creating automations without sufficient user intent verification.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill tells users to store Xiaomi cloud authentication tokens in a local JSON file and explains how to obtain them, but does not provide strong warnings about their sensitivity or safe handling. Because these tokens can authorize cloud API access to home devices and data, weak guidance materially increases the chance of credential leakage, misuse, or insecure backups.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The login flow collects the Xiaomi password using Python's plain input(), which echoes the password on screen and increases the chance of shoulder-surfing, terminal history capture, or screen-recording exposure. The code also stores long-lived cloud credentials locally, but does not clearly warn users about that sensitive handling at login time.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal