Skillv1.1.0

ClawScan security

Smart Home Unified · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 15, 2026, 11:55 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill mostly matches its stated purpose (local multi‑brand smart home control) but contains multiple inconsistencies and insecure practices (plaintext credential storage instructions, request for Apple password, contradictory claims about encryption, and a hardcoded local IP), so proceed with caution and audit before use.
Guidance: This skill appears to implement the advertised local Xiaomi and HomeKit adapters, but there are multiple red flags you should address before installing or providing secrets: - Do NOT paste Apple ID passwords or other credentials into a plaintext TOOLS.md file. If the tool truly needs secrets, request that the author implement encrypted local storage or use OS keyring / environment variables. - The README claims credentials are 'encrypted locally' but the code shows no encryption — ask the author to point to the code that performs encryption or to remove that claim. - The Xiaomi adapter uses a hardcoded IP (192.168.1.100) when creating a miio device; confirm whether that is a placeholder and ensure it won't attempt unexpected connections on your LAN. - Prefer to supply per‑device tokens (local tokens) rather than full account username/passwords; avoid providing Apple account passwords unless you fully trust and have audited the code and know why iCloud credentials are needed. - Audit third‑party packages (miio, hap-nodejs) and consider installing and running the skill in an isolated environment (VM or isolated network) first. Verify network traffic (no unexpected outbound connections) and confirm the tool truly operates only on your LAN if you rely on the 'local only' claim. - If you plan to use this for many devices or in production, request the author to remove plaintext credential instructions, implement secure storage, fix the hardcoded IP, and document any cloud endpoints or telemetry clearly.

Review Dimensions

Purpose & Capability: noteName/description (unified smart‑home control) aligns with included adapters for Xiaomi and HomeKit and the CLI. However marketing/docs mention paid service, cloud features and 'support@...' while SKILL.md/README claim local‑only operation and 'no upload to cloud' — this is a contradictory message about whether the product is purely local or also cloud‑backed. The bit that asks for an Apple ID/password (even if listed 'optional' for iCloud) is not clearly justified by the stated local design.
Instruction Scope: concernRuntime instructions require installing miio/hap-nodejs and ask the user to add sensitive credentials (Xiaomi account, device token, HomeKit PIN, optionally Apple ID/password) into a TOOLS.md file (plaintext). The README and marketing claim credentials are 'encrypted locally', but there is no code that implements encryption or secure storage — the adapters read from a config object and SKILL.md explicitly tells the user to put secrets into a markdown file, which is insecure. SKILL.md also instructs opening UDP port 54321 and running miio extract; those are expected but should be clearly framed as sensitive. The xiaomi adapter code hardcodes an address ('192.168.1.100') when connecting with miio — that is unusual and could cause unintended network behavior if left as-is.
Install Mechanism: okNo installer/remote download is used; package.json lists normal npm dependencies and marks miio/hap-nodejs as optional/peer deps. There are no external arbitrary download URLs or archive extracts. The instruction to npm install -g miio/hap-nodejs is standard for local device libraries but has the usual supply‑chain risk of installing global packages.
Credentials: concernThe skill requests highly sensitive credentials (Xiaomi username/password + device_token, HomeKit PIN, and optionally Apple ID/password) — these are plausible for a local smart‑home integration, but requiring an Apple account password is a disproportionate ask for a CLI that claims local operation. Also asking users to store secrets in TOOLS.md (a plaintext document) is a poor practice and contradicts claims of encryption. No environment variables are requested, but the chosen credential storage method is insecure.
Persistence & Privilege: okSkill does not request always:true and has no special OS restrictions. It is user‑invocable and can be called autonomously by an agent (default), which is expected. There is no evidence the skill modifies other skills or global agent configuration.