Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Aqara Home Skills
v0.1.0Official Aqara Home skill for natural-language control and query of real smart-home devices, rooms, states, logs, and hardware via authenticated API access.
⭐ 0· 55·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The code, CLI, and SKILL.md implement an Aqara Open API client (homes, rooms, devices, control) which is coherent with the declared purpose. However the manifest/registry metadata claims no credentials are required while the runtime actually expects an Aqara access token (saved to assets/user_account.json or provided via AQARA_API_KEY). The README and SKILL.md also call this the “official” skill but the package source/homepage are unknown, which is a credibility mismatch.
Instruction Scope
Runtime instructions instruct the agent to prompt the user to paste an access token into the conversation and then run local scripts that write that token into assets/user_account.json and call network APIs. The SKILL.md forbids echoing the token to the user, but the workflow requires the token to be pasted into chat or otherwise provided to the agent—this is sensitive and easy to mishandle. The skill also reads locale environment vars and local asset files (login_prompt_i18n.json, api_path_config.json) and instructs running multiple CLI scripts; overall it exercises filesystem and network operations beyond mere text lookup, which is expected but sensitive.
Install Mechanism
There is no formal install spec in the registry, but SKILL.md instructs running pip install -r scripts/requirements.txt. Dependencies are typical (requests, pydantic, qrcode, fastmcp) from PyPI — moderate risk and expected for a Python CLI wrapper. No remote archive downloads were found, which lowers install risk, but the requirement to pip-install packages still executes code from third-party registries.
Credentials
The registry lists no required environment variables or primary credential, yet the code and docs require an Aqara access token (aqara_api_key) and accept an AQARA_API_KEY env var. The skill stores that token in plaintext under assets/user_account.json. The code also allows overriding the API base URL via assets/api_path_config.json, which could redirect traffic to a non-official endpoint if altered. Requesting a sensitive access token but not declaring it in manifest is a proportionality/visibility mismatch.
Persistence & Privilege
The skill does write persistent state, but only to its own assets/user_account.json and related cache files (local skill config). It does not request always:true or attempt to change other skills or global agent settings. The normal autonomous-invocation setting (disable-model-invocation:false) combined with the need for an access token increases blast radius if the agent is allowed to act autonomously, so verify agent autonomy policies if you plan to enable it.
What to consider before installing
This skill largely implements an Aqara API client, but there are red flags you should consider before installing or using it: (1) the manifest says no credentials are required yet the skill needs an Aqara access token — the token will be stored locally (assets/user_account.json) in plaintext; (2) the SKILL.md asks the user to paste the token into the conversation and instructs the agent to run scripts to save it — avoid pasting secrets into chat if you don't fully trust the agent or skill source; (3) the skill can call arbitrary API endpoints if assets/api_path_config.json is present/modified — verify the base URL is legitimate (the default is https://agent.aqara.com/open/api) and do not allow unknown endpoints; (4) the package source/homepage are unknown despite claiming to be “official” — prefer code from an authenticated vendor source; (5) pip install will pull third-party packages — review requirements for supply-chain risks. Recommended actions: review the full scripts locally before running; prefer providing the token by running the provided save script yourself in a secure terminal (not pasted into a public/chat transcript); verify api_path_config.json (or absence thereof) points to Aqara's official endpoints; and confirm the skill's origin or use an official integration from Aqara if possible.Like a lobster shell, security has layers — review code before you run it.
latestvk971w3kda13mbg5g1kv0pes2k983jpk7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.