Back to skill

Security audit

Homey

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Homey smart-home control skill, but it needs review because it can operate real devices such as locks, thermostats, and automations without clear confirmation safeguards.

Install only if you want an agent or CLI to control your Homey environment. Before enabling it broadly, use the least-privileged Homey token available, avoid granting access to locks, alarms, garage doors, heaters, or critical automations unless you have explicit confirmation rules, and verify device or flow IDs before running state-changing commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill exposes shell, network, and environment-backed capabilities but does not declare permissions or otherwise constrain their use. That creates a trust and review gap: an agent can invoke authenticated local or cloud smart-home control commands, including sensitive device actions, without an explicit permission model visible in the skill metadata.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
These examples include direct control of security-sensitive devices such as door locks without any warning that commands have immediate real-world effects. In an AI-agent or copy/paste context, a user could trigger unlocking or other physical actions unintentionally, increasing the risk of unauthorized access or unsafe operation.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The automation examples bundle multiple physical actions, including turning devices on/off and locking doors, without any user-facing caution about irreversible or safety-relevant effects. In practice, an agent or operator may run these scripts verbatim, causing unintended home state changes, lockouts, or disruption when people are present.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly describes agent-driven control of smart-home devices and triggering automations, but it does not require or prominently warn about user confirmation before executing potentially sensitive physical actions. In a home-automation context, silent execution can affect safety, privacy, security devices, locks, climate systems, or routines, especially when invoked by an AI agent from ambiguous natural-language requests.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill directly documents commands that can change physical home state and operate security-relevant devices such as locks, thermostats, lights, and automation flows, but it provides no safety warning, confirmation guidance, or restrictions for high-risk actions. In an agent setting, this increases the chance of unintended or prompt-induced physical actions, including unlocking/locking, triggering routines, or altering environmental controls.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The testing guide instructs users to run live device-control and flow-triggering commands against a real Homey environment without a prominent warning that these actions will affect actual devices and automations. In a smart-home context, this can cause unintended physical actions or routine execution, especially because examples encourage direct use on production devices rather than an isolated test environment.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The error-case test instructs users to clear stored authentication with commands that remove local/cloud credentials, but the warning is minimal and does not clearly emphasize that access may be disrupted and manual reconfiguration will be required. This can lead to accidental loss of working auth setup, operational interruption, or confusion during testing.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documentation exposes direct state-changing commands for smart home devices (`set`, `on`, `off`) without any warning that they affect real physical systems. In a home automation context, this can lead an agent or user to operate lights, locks, HVAC, plugs, or other actuators without recognizing safety, privacy, or equipment risks.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
Triggering a flow can execute arbitrary Homey automations, which may chain into multiple device actions with broad physical effects. Because the docs present `homeycli flow trigger` as routine usage without warning, an agent may invoke automations that unlock doors, disable alarms, or energize appliances without appreciating the scope of consequences.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The authentication section instructs users to store local and cloud credentials, including via stdin and environment variables, but does not warn that these tokens are sensitive secrets that can grant control over the smart home. In this context, credential mishandling could enable unauthorized device control, automation execution, and exposure of household state.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/release.js:7