Ha Xiaomi Control

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to control Home Assistant Xiaomi devices, but it needs review because broad triggers and token-backed API calls can change real devices without tight scoping.

Install only if you want this agent to control your Home Assistant devices. Use a dedicated least-privilege Home Assistant token, avoid placing it in shared prompt/config files, restrict the Home Assistant URL and entity list, and require explicit confirmation for ambiguous or state-changing commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill performs network calls to a Home Assistant endpoint and reads a bearer token from environment/config, but it declares no permissions. This creates a transparency and policy gap: users and review systems are not clearly informed that the skill can access credentials and issue device-control requests on the local network.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The description says the skill triggers on device control commands broadly, which can cause unintended activation from ordinary conversation or unrelated smart-home requests. In a control skill, accidental invocation can directly cause physical-world actions such as turning devices on/off or sending voice directives to speakers.

Vague Triggers

Medium
Confidence
90% confidence
Finding
Using only the generic keyword '空调' as the air-conditioner trigger is ambiguous and can match many benign mentions of air conditioners. Because the skill maps such matches to immediate Home Assistant service calls, misclassification could result in unauthorized or unintended climate changes.

Credential Access

High
Category
Privilege Escalation
Content
Load configuration from `TOOLS.md` → **智能家居** section, or use these defaults:

- **HA URL:** `http://192.168.31.35:8123`
- **Access Token:** Read from user's environment or TOOLS.md
- **Xiao AI Speaker:** `media_player.xiaomi_lx06_3ff3_play_control`
- **Xiao AI Command Entity:** `text.xiaomi_lx06_3ff3_execute_text_directive`
- **Air Conditioner:** `button.miir_ir02_8112_turn_off` / `button.miir_ir02_8112_turn_on`
Confidence
88% confidence
Finding
Access Token

VirusTotal

64/64 vendors flagged this skill as clean.