v1.2.1

小米家居 (Xiaomi Home)

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:19 AM.

Analysis

Review before installing: the skill’s Xiaomi Home control purpose is coherent, but it bundles a private device inventory with real-looking Xiaomi tokens and handles Xiaomi account credentials.

Guidance: Do not install this as-is with the bundled private device list. Remove the populated private inventory, rotate exposed device tokens where possible, review the token extractor before entering Xiaomi credentials, and keep your own IP/token list in a local private file that is not published or shared.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
`miiocli miotdevice --ip <IP> --token <TOKEN> raw_command set_properties '[{"siid": 2, "piid": 1, "value": true}]'`

The documented workflow uses raw MIOT property commands to switch smart devices such as a water-heater plug.

User impact: The agent can cause real-world device changes, such as turning appliances on or off, when given matching IPs and tokens.
Recommendation: Confirm the target device and action before commands that affect power, heat, cooking, cameras, or routers, and keep tokens limited to intended devices.
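One way to enforce that recommendation in front of the agent's tool call is a planning step that only accepts device names from a local inventory, refuses high-impact categories until the user has confirmed, and builds the `miiocli` argv as a list rather than a shell string. This is an added example, not code from the skill; the inventory, the category labels and the `HIGH_IMPACT` set are constructed for the example.

```python
import json
import shlex

# Constructed inventory for this example. Addresses are from the 192.0.2.0/24
# documentation range and the tokens are dummies; none of this is the skill's data.
INVENTORY = {
    "water_heater_plug": {"ip": "192.0.2.10", "token": "a" * 32, "category": "power"},
    "bedroom_lamp":      {"ip": "192.0.2.11", "token": "b" * 32, "category": "light"},
    "hall_camera":       {"ip": "192.0.2.12", "token": "c" * 32, "category": "camera"},
}

# Device categories whose state changes have physical or privacy consequences.
# A set_properties call against one of these is only planned once the user has
# confirmed the exact device and action (assumed policy, not from the skill).
HIGH_IMPACT = {"power", "heat", "cooking", "camera", "router"}


def plan_set_properties(inventory, device, props, confirmed=False):
    """Build the miiocli argv for a raw MIOT set_properties call.

    Returns (status, argv); argv is only populated when status == "ok".
    The agent never supplies an IP or token itself: it may only name a device
    that exists in the local inventory, which keeps tokens bound to intended devices.
    """
    entry = inventory.get(device)
    if entry is None:
        return "unknown_device", None
    if entry["category"] in HIGH_IMPACT and not confirmed:
        return "needs_confirmation", None
    for p in props:
        if set(p) != {"siid", "piid", "value"}:
            return "bad_props", None
        if type(p["siid"]) is not int or type(p["piid"]) is not int:
            return "bad_props", None
        if isinstance(p["value"], (dict, list)):
            return "bad_props", None
    # Serialised here and passed as one argv element: no shell interpolation of the JSON.
    payload = json.dumps(props, separators=(",", ":"))
    argv = [
        "miiocli", "miotdevice",
        "--ip", entry["ip"],
        "--token", entry["token"],
        "raw_command", "set_properties", payload,
    ]
    return "ok", argv


def describe(argv):
    """Shell-quoted rendering for the confirmation prompt and the audit log,
    with the token masked so it does not end up in transcripts."""
    shown = list(argv)
    shown[shown.index("--token") + 1] = "<redacted>"
    return " ".join(shlex.quote(a) for a in shown)


if __name__ == "__main__":
    props = [{"siid": 2, "piid": 1, "value": True}]
    status, argv = plan_set_properties(INVENTORY, "water_heater_plug", props)
    print(status)  # needs_confirmation: ask the user, then retry with confirmed=True
    status, argv = plan_set_properties(INVENTORY, "water_heater_plug", props, confirmed=True)
    print(status, describe(argv))
```

The point of returning argv instead of a command string is that the JSON payload and the token never pass through a shell; `subprocess.run(argv)` can execute it directly once the user has confirmed the `describe()` output.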
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
"install":[{"id":"pipx-miio","kind":"exec","command":"pipx install python-miio && /Users/$(whoami)/.local/pipx/venvs/python-miio/bin/python -m pip install 'click<8.1.0'"}]

The skill frontmatter includes an executable dependency installation step that pulls an unpinned package from PyPI and then hard-codes a macOS-only pipx venv path (`/Users/$(whoami)/...`), while the registry summary describes the skill as having no install spec.

User impact: Installing may run package installation commands that change the local Python environment, even though this is not reflected in the top-level install-spec summary.
Recommendation: Review and run dependency installation manually, prefer pinned package versions, and align registry install metadata with the SKILL.md declaration.
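A tightened version of that install spec, written here as an illustration and not taken from the skill: the package is pinned, and `pipx inject` places the `click` pin into the pipx-managed venv instead of hard-coding a macOS home path. The version number is a placeholder to replace with the release you have actually reviewed.

```json
{
  "install": [
    {
      "id": "pipx-miio",
      "kind": "exec",
      "command": "pipx install 'python-miio==0.5.12' && pipx inject python-miio 'click<8.1.0'"
    }
  ]
}
```

Whatever is declared here should also appear in the registry's install-spec summary, so that "no install spec" in the listing never hides an `exec` step in SKILL.md.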
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
references/my_private_devices.md
DO NOT PUBLISH THIS FILE. ... | Water heater [热水器] (Plug) | 192.168.28.214 | 181f7c047...e6c3a | ... | Smart camera 1 [智能摄像头 1] | 192.168.31.78 | 52734f71...5835 |

The distributed artifact contains a file explicitly marked private with populated Xiaomi device IPs and tokens, including cameras and other home devices.

User impact: Anyone who receives the skill can see sensitive device tokens, and an agent may try to use those tokens to control devices if it is on a matching network.
Recommendation: Remove the private inventory from the package, rotate the exposed Xiaomi device tokens where possible, and ship only a blank template for users to fill locally.
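The class of mistake behind this finding is easy to catch before publishing: a populated row is a table line that carries an IPv4 address and a full 32-hex Xiaomi token, whereas a blank template only carries `<IP>` / `<TOKEN>` placeholders. The pre-publish check below is an added example, not tooling from the skill; the two sample files are constructed, with documentation-range addresses and dummy tokens.

```python
import os
import re

IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"
TOKEN = r"[0-9a-fA-F]{32}"          # Xiaomi device tokens are 32 hex characters
# A populated inventory row: a table line with an IPv4 address and, later on the
# same line, a full token. Template rows with <IP> / <TOKEN> do not match.
ROW_RE = re.compile(rf"\|.*?\b({IPV4})\b.*?\b({TOKEN})\b")
MARKER_RE = re.compile(r"DO NOT PUBLISH", re.IGNORECASE)


def mask(token):
    """Never echo a full token in findings; the scan output may itself be shared."""
    return token[:4] + "..." + token[-4:]


def find_populated_rows(text):
    """Return [(line_no, ip, masked_token)] for every line that looks like a live row."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        m = ROW_RE.search(line)
        if m:
            hits.append((no, m.group(1), mask(m.group(2))))
    return hits


def check_reference_text(name, text):
    """Findings for one file; an empty list means it is a blank template."""
    findings = []
    if MARKER_RE.search(text):
        findings.append(f"{name}: carries a DO NOT PUBLISH marker but is in the package")
    for no, ip, tok in find_populated_rows(text):
        findings.append(f"{name}:{no}: populated row ip={ip} token={tok}")
    return findings


def check_skill_dir(root):
    """Walk the skill directory (skipping .git) and check every text-like file."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for fn in filenames:
            if fn.endswith((".md", ".txt", ".csv")):
                path = os.path.join(dirpath, fn)
                with open(path, encoding="utf-8", errors="replace") as f:
                    findings += check_reference_text(os.path.relpath(path, root), f.read())
    return findings


# Constructed samples (not the skill's files): a blank template and a populated file.
SAMPLE_TEMPLATE = """| Name | IP | Token |
|---|---|---|
| Water heater plug | <IP> | <TOKEN> |
"""
SAMPLE_POPULATED = """DO NOT PUBLISH THIS FILE.
| Name | IP | Token |
|---|---|---|
| Water heater plug | 192.0.2.10 | 0123456789abcdef0123456789abcdef |
| Smart camera 1 | 192.0.2.12 | fedcba9876543210fedcba9876543210 |
"""

if __name__ == "__main__":
    import sys
    findings = check_skill_dir(sys.argv[1] if len(sys.argv) > 1 else ".")
    for line in findings:
        print(line)
    sys.exit(1 if findings else 0)
```

Run it as a pre-commit hook or in the publishing pipeline so that a non-zero exit blocks the package; the `DO NOT PUBLISH` check is there because the file in this finding already told its author exactly that.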
Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
scripts/token_extractor.py
parser.add_argument("-u", "--username"...); parser.add_argument("-p", "--password"...); ... self._password = getpass("")

The bundled token extractor accepts or prompts for Xiaomi account credentials in order to retrieve device tokens.

User impact: Using the extractor means handing Xiaomi account credentials to this script, either on the command line (where a `-p` value lands in shell history and process listings) or at an interactive prompt.
Recommendation: Use interactive password entry rather than command-line password flags, review the script source first, and avoid saving Xiaomi credentials in shell history or logs.
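The argparse pattern quoted above is the weak form: a `-p/--password` flag puts the secret into argv. The hardened intake below is an added example and not the skill's `token_extractor.py`: it drops the flag entirely, refuses legacy invocations that still carry one, and takes the password from stdin, an environment variable or `getpass`. The `XIAOMI_PASSWORD` variable name and the `--password-stdin` option are assumptions for the example.

```python
import argparse
import os
import sys
from getpass import getpass


def build_parser():
    # allow_abbrev=False so a legacy "--password" is not silently accepted as a
    # prefix of "--password-stdin".
    p = argparse.ArgumentParser(prog="token_extractor", allow_abbrev=False)
    p.add_argument("-u", "--username", required=True, help="Xiaomi account (e-mail or phone)")
    # Deliberately no -p/--password: argv is visible in `ps`, shell history and
    # crash logs. The password comes from stdin, the environment, or a prompt.
    p.add_argument("--password-stdin", action="store_true",
                   help="read the password from the first line of stdin")
    return p


def leaked_via_argv(argv):
    """True if an invocation still carries the password on the command line."""
    return any(a in ("-p", "--password") or a.startswith("--password=") for a in argv)


def parse_args(argv):
    """Parse argv; return None (instead of exiting) when the parser rejects it."""
    try:
        return build_parser().parse_args(argv)
    except SystemExit:
        return None


def resolve_password(args, environ=None, stdin=None, prompt=getpass):
    """Password source, in order: --password-stdin, XIAOMI_PASSWORD, interactive prompt.
    The sources are injectable so the logic can be exercised without a TTY."""
    env = os.environ if environ is None else environ
    if args.password_stdin:
        return (stdin or sys.stdin).readline().rstrip("\r\n")
    if "XIAOMI_PASSWORD" in env:
        # Still readable by same-user processes via /proc/<pid>/environ, but it
        # does not land in shell history or in the audit log of the command line.
        return env["XIAOMI_PASSWORD"]
    return prompt("Xiaomi account password: ")


if __name__ == "__main__":
    if leaked_via_argv(sys.argv[1:]):
        sys.exit("refusing: supply the password via --password-stdin, XIAOMI_PASSWORD or the prompt")
    args = parse_args(sys.argv[1:])
    if args is None:
        sys.exit(2)
    password = resolve_password(args)
    # The reviewed cloud login would be called here with args.username and password.
    print(f"credentials collected for {args.username} ({len(password)} characters)")
```

Whichever route is used, the secret should live only in the process that performs the login; logging it, writing it to a config file, or echoing it in agent output defeats the point of removing the flag.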
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: High | Confidence: High | Status: Concern
SKILL.md
Store your device details in `references/devices.md` or `references/my_private_devices.md`.

The skill directs users to store device IPs and tokens in agent-readable reference files, and the package already includes a populated private reference file.

User impact: Sensitive device tokens can be loaded into the agent context and reused across future tasks, increasing exposure if the skill or conversation is shared.
Recommendation: Keep token inventories outside published skill artifacts, restrict them to a user-local private configuration store, and document retention and access expectations clearly.
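A concrete shape for that user-local store, as an added example rather than anything the skill ships: tokens live in a JSON file under the user's config directory, the loader refuses the file unless it is owner-only (mode 0600 or stricter), and the only view handed to the agent or written into a reference file is one with tokens masked. The path `~/.config/xiaomi-home/devices.json` and the store layout are assumptions; the sample store is constructed with dummy values.

```python
import json
import os
import re
import stat

# Assumed location for the user-local store; it is outside the skill directory,
# so it is never packaged, committed or shared together with the skill.
PRIVATE_STORE = os.path.expanduser("~/.config/xiaomi-home/devices.json")
TOKEN_RE = re.compile(r"[0-9a-f]{32}")


def mode_is_private(mode):
    """True when no group/other permission bits are set (0600 or stricter)."""
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def parse_store(text):
    """Validate the JSON store: {"devices": {name: {"ip": ..., "token": ...}}}."""
    data = json.loads(text)
    devices = {}
    for name, d in data["devices"].items():
        token = str(d["token"]).lower()
        if not TOKEN_RE.fullmatch(token):
            raise ValueError(f"{name}: token is not 32 hex characters")
        devices[name] = {"ip": d["ip"], "token": token}
    return devices


def context_view(devices):
    """The only form that should reach the agent's context or a reference file:
    names and addresses kept, tokens masked."""
    return {n: {"ip": d["ip"], "token": d["token"][:4] + "..." + d["token"][-4:]}
            for n, d in devices.items()}


def load_private_devices(path=PRIVATE_STORE):
    """Load the store, refusing anything that is not a regular, owner-only file."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError(f"{path}: not a regular file")
    if not mode_is_private(st.st_mode):
        raise PermissionError(
            f"{path}: mode {oct(st.st_mode & 0o777)} is readable by others; chmod 600 it")
    with open(path, encoding="utf-8") as f:
        return parse_store(f.read())


# Constructed example store (documentation-range IPs and dummy tokens, not the skill's data).
SAMPLE_STORE = json.dumps({
    "devices": {
        "water_heater_plug": {"ip": "192.0.2.10", "token": "0123456789abcdef0123456789abcdef"},
        "hall_camera": {"ip": "192.0.2.12", "token": "FEDCBA9876543210FEDCBA9876543210"},
    }
})

if __name__ == "__main__":
    devices = parse_store(SAMPLE_STORE)
    print(json.dumps(context_view(devices), indent=2))
```

With this split, `references/devices.md` in the skill can stay a name-and-IP template, and the full token is resolved only inside the process that issues the `miiocli` call, never in the conversation transcript.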