Tuya Cloud

Security checks across malware telemetry and agentic risk

Overview

This Tuya skill is explicitly an IoT control tool, but it can expose sensitive local control keys and change physical device state without strong safety guardrails.

Install only if you intend to let the agent read and control your Tuya devices. Treat TUYA_ACCESS_SECRET and local_key values as secrets, avoid using --enrich unless you need it, review commands before any valve or switch action, and keep .env out of source control and shared logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 87%
Finding
The code adds unauthenticated local network discovery via UDP broadcast, which expands the skill from device interaction into network enumeration. In an agent context, this is dangerous because it can reveal the presence, IPs, and metadata of IoT devices on the user's LAN without requiring the Tuya cloud credentials described in the skill metadata.

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The manifest says the skill requires cloud credentials, but the implementation supports local scanning, reading, and command execution without them. This scope mismatch is security-relevant because users or orchestrators may grant the skill more trust than warranted, while it can still enumerate and control local devices directly on the LAN.

Missing User Warnings

Medium
Confidence: 84%
Finding
The README tells users to place long-lived Tuya API credentials in a local .env file but does not warn them to keep that file out of version control, restrict file permissions, or use a proper secret store. This can lead to accidental credential exposure through Git commits, backups, logs, screenshots, or shared project directories, which would allow attackers to access and control Tuya devices through the cloud API.

Missing User Warnings

Medium
Confidence: 92%
Finding
This skill can send commands that change physical device state, including opening valves and toggling switches, but the description does not clearly warn users that actions may have real-world effects. In an IoT context, ambiguous UX around control operations can lead to accidental activation, water usage, equipment damage, or unsafe physical outcomes if invoked unintentionally or with the wrong device/channel.
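One way to close this gap is a deny-by-default gate in front of every command the agent issues: reads pass, but anything that changes physical state must target an approved device and channel and carry an explicit user confirmation for that specific call. The following is an added example written for this report, not code from the Tuya skill under review; the command shape (`action`, `device_id`, `dps`), the action names and the approved-channel table are assumptions made for illustration.

```python
"""Confirmation gate for Tuya commands that change physical device state.

Added example for this report, not code from the Tuya skill under review. The
command shape ({"action", "device_id", "dps"}), the action names and the
per-device approved DPS channels are assumptions made for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass

# Actions that only read state and may run without a confirmation step.
READ_ONLY_ACTIONS = {"status", "list_devices", "scan"}
# Actions that change physical state (valves, switches, dimmers).
STATE_CHANGING_ACTIONS = {"set_dps", "turn_on", "turn_off", "open_valve", "close_valve"}

# Constructed allow list: device id -> DPS channels the user has approved for control.
# Device ids are placeholders, not real Tuya ids.
APPROVED_CHANNELS: dict[str, set[str]] = {
    "dev-garden-valve": {"1"},       # channel 1 = valve open/close
    "dev-office-strip": {"1", "2"},  # two switched outlets
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def describe_effect(cmd: dict) -> str:
    """Human-readable summary shown to the user before they confirm."""
    dps = cmd.get("dps") or {}
    channels = ", ".join(f"DPS {k} -> {v!r}" for k, v in sorted(dps.items())) or "no DPS payload"
    return f"{cmd.get('action')} on {cmd.get('device_id')}: {channels}"


def guard_command(cmd: dict, approved: dict[str, set[str]] | None = None,
                  confirmed: bool = False) -> Decision:
    """Deny by default: reads are free, writes need an approved device, approved
    channels and a confirmation flag that applies to this call only."""
    approved = APPROVED_CHANNELS if approved is None else approved
    action = cmd.get("action")
    device_id = cmd.get("device_id")

    if action in READ_ONLY_ACTIONS:
        return Decision(True, "read-only action")
    if action not in STATE_CHANGING_ACTIONS:
        return Decision(False, f"unknown action {action!r}; denied by default")
    if device_id not in approved:
        return Decision(False, f"device {device_id!r} is not on the approved list")

    targeted = set((cmd.get("dps") or {}).keys())
    unapproved = targeted - approved[device_id]
    if unapproved:
        return Decision(False, f"channels {sorted(unapproved)} not approved on {device_id}")
    if not confirmed:
        return Decision(False, "state change requires explicit confirmation: " + describe_effect(cmd))
    return Decision(True, "confirmed: " + describe_effect(cmd))


if __name__ == "__main__":
    open_valve = {"action": "set_dps", "device_id": "dev-garden-valve", "dps": {"1": True}}
    print(guard_command(open_valve))                  # denied: needs confirmation
    print(guard_command(open_valve, confirmed=True))  # allowed
```

The `confirmed` flag is deliberately per call rather than a session-wide setting, so a single approval cannot be reused by the agent for a later command against a different device or channel.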

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation instructs users to place cloud credentials in `.env` and later references `local_key` for LAN control, but it provides no explicit warning that these values are sensitive secrets. That omission increases the risk that users will paste secrets into logs, prompts, screenshots, repositories, or command histories, enabling unauthorized cloud or local control of IoT devices.

Missing User Warnings

Medium
Confidence: 94%
Finding
When --enrich is used, the scan output can include local_key values alongside device IDs and IPs, and those keys are printed directly to stdout/JSON. Local keys are sensitive secrets used for direct LAN control of Tuya devices, so exposing them in logs or agent outputs can enable unauthorized command execution against physical devices on the network.
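The three secret-handling findings above (the unprotected `.env` file, the unlabelled `local_key` values, and `--enrich` printing keys to stdout/JSON) share one mitigation: strip secrets from anything that reaches a log or an agent transcript, and verify that the `.env` file is locked down before use. The following is an added example written for this report, not the skill's own code. The scan record is constructed to mirror the fields the findings mention (device id, IP, `local_key`), and the set of key names treated as secret extends the two the report names (`local_key`, `TUYA_ACCESS_SECRET`) with common variants as an assumption.

```python
"""Redact Tuya secrets from scan output and check how the .env file is stored.

Added example for this report, not the skill's own code. SAMPLE_SCAN is
constructed; the extra SECRET_KEYS beyond local_key / TUYA_ACCESS_SECRET are
an assumption about what other tools might name their secrets.
"""
from __future__ import annotations

import hashlib
import json
import os
import stat

SECRET_KEYS = {"local_key", "tuya_access_secret", "access_secret", "secret", "password", "token"}


def fingerprint(value) -> str:
    """Short, non-reversible marker so a user can tell two keys apart without seeing them."""
    digest = hashlib.sha256(str(value).encode()).hexdigest()[:8]
    return f"<redacted sha256:{digest}>"


def redact(obj):
    """Recursively replace values under secret-named keys; everything else is copied."""
    if isinstance(obj, dict):
        return {k: fingerprint(v) if str(k).lower() in SECRET_KEYS else redact(v)
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(item) for item in obj]
    return obj


def redact_json(obj) -> str:
    """What should be written to stdout, a log line or an agent tool result."""
    return json.dumps(redact(obj), indent=2, sort_keys=True)


def env_file_problems(mode: int, gitignore_lines: list[str] | None) -> list[str]:
    """Pure check: a permission mode and the .gitignore contents (None if absent)."""
    problems = []
    if mode & 0o077:
        problems.append(f".env is readable by group/others (mode {mode:04o}); chmod 600 it")
    patterns = {line.strip() for line in (gitignore_lines or [])}
    if not patterns & {".env", "*.env", "/.env"}:
        problems.append(".env is not listed in .gitignore")
    return problems


def check_env_file(env_path: str = ".env") -> list[str]:
    """Filesystem wrapper: inspect the real .env and the .gitignore next to it."""
    mode = stat.S_IMODE(os.stat(env_path).st_mode)
    gitignore = os.path.join(os.path.dirname(os.path.abspath(env_path)), ".gitignore")
    lines = open(gitignore).read().splitlines() if os.path.exists(gitignore) else None
    return env_file_problems(mode, lines)


# Constructed sample of what an --enrich style scan might emit; ids and keys are fake.
SAMPLE_SCAN = {
    "devices": [
        {"id": "dev-garden-valve", "ip": "192.168.1.50", "version": "3.3",
         "local_key": "0123456789abcdef"},
    ],
    "cloud": {"TUYA_ACCESS_SECRET": "not-a-real-secret"},
}

if __name__ == "__main__":
    print(redact_json(SAMPLE_SCAN))
    # Permission check without touching disk: mode 0644 and no .gitignore at all.
    print(env_file_problems(0o644, None))
```

Redaction happens on the data structure before serialisation, so the same function can wrap both the JSON output and the human-readable table; the fingerprint lets a user confirm that two scans saw the same key without the key itself ever reaching a transcript.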

VirusTotal

VirusTotal findings are pending for this skill version.
