小米家居 (Xiaomi Home)

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill’s Xiaomi-control purpose is coherent, but it ships sensitive, real-looking device tokens and asks for Xiaomi account credentials without clear credential scoping.

Do not use this skill as-is with the included private device file. Remove any real tokens, rotate exposed device credentials if they are yours, and store your own Xiaomi tokens in a private configuration location. Review the token extractor before entering Xiaomi credentials, and confirm any command that can affect appliances, cameras, routers, or other physical devices.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

64/64 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone who obtains valid tokens and can reach the relevant local networks may be able to control those Xiaomi devices; it also signals poor handling of sensitive device credentials.

Why it was flagged

The published artifact contains a private device inventory with real-looking Xiaomi device control tokens, despite the file itself stating that it must not be published.

Skill content

# My Private Xiaomi Devices (Sensitive)

DO NOT PUBLISH THIS FILE.
... | 热水器 (Plug) | 192.168.28.214 | 181f7c047098b594883f88191a9e6c3a | cuco.plug.v3 |

Recommendation

Remove the private inventory from the package, rotate or reset the exposed Xiaomi device tokens, and require each user to store their own tokens outside the published skill.

What this means

Using the extractor requires trusting the included script with Xiaomi login credentials and device tokens.

Why it was flagged

The bundled extractor handles Xiaomi account credentials, while the registry metadata declares no primary credential; this is high-impact account access even if it is purpose-aligned.

Skill content

parser.add_argument("-u", "--username", required=False, help="Username")
parser.add_argument("-p", "--password", required=False, help="Password")
...
self._password = getpass("")

Recommendation

Run the extractor only after reviewing the source, avoid passing passwords on the command line, and prefer a documented, scoped authentication flow with credential requirements declared in metadata.

What this means

Device tokens placed in skill reference files may be reused in future agent contexts or exposed if the skill directory is shared, backed up, or republished.

Why it was flagged

The skill directs users to persist sensitive device control tokens in agent-readable reference files, and the package demonstrates how such files can be accidentally published.

Skill content

Add your devices here to help the agent remember their IPs and Tokens.

Recommendation

Store tokens in a private, access-controlled configuration location or secret store, and keep published reference files as templates without real secrets.

What this means

A mistaken command or wrong token/IP mapping could turn devices on or off or change appliance settings.

Why it was flagged

The skill exposes raw MIOT property-changing commands through miiocli; this is central to Xiaomi device control but can directly change physical device state.

Skill content

`miiocli miotdevice --ip <IP> --token <TOKEN> raw_command set_properties '[{"siid": 2, "piid": 1, "value": true}]'`

Recommendation

Use explicit device names, verify IP/token mappings, and consider requiring confirmation before controlling appliances with safety or privacy implications.

What this means

Installation changes the local Python tool environment and relies on external package sources.

Why it was flagged

The skill documents installing python-miio and applying a dependency version fix; this is purpose-aligned but depends on external package installation.

Skill content

"command":"pipx install python-miio && /Users/$(whoami)/.local/pipx/venvs/python-miio/bin/python -m pip install 'click<8.1.0'"

Recommendation

Install in an isolated environment, verify package sources, and review the dependency pinning before use.