Samsung Smartthings

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly transparent about SmartThings setup, but its default OAuth flow and broad device-control authority need review before installation.

Review this skill before installing. Use a localhost or user-controlled OAuth redirect instead of httpbin, consider a dedicated SmartThings account or minimum practical scopes, protect or delete the .env file when finished, and rotate the PAT or OAuth credentials if they appear in logs or were used through the default redirect.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill requires sensitive capabilities including environment access, file read/write, network access, and shell execution, yet it declares no permissions. That mismatch prevents meaningful user consent and review, especially because the documented behavior includes credential handling and command execution against local tooling.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The description frames the skill as TV control, but the documented behavior also provisions OAuth apps, performs token exchanges, and stores credentials locally. This broader access increases risk because users may authorize what appears to be simple device control while the skill is actually establishing durable credentialed access to their SmartThings account.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly writes SmartThings client credentials and OAuth tokens to a local .env file but does not prominently warn that these values are long-lived secrets. If the local state directory is exposed, backed up insecurely, or readable by other processes, an attacker could reuse the credentials to access and control SmartThings devices.

Missing User Warnings

High
Confidence
99% confidence
Finding
Using https://httpbin.org/get as the default OAuth redirect causes the authorization code to be sent to a third-party service outside the user's control. OAuth authorization codes are sensitive and can enable token issuance; sending them through an unrelated external endpoint materially increases interception and privacy risk.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
On CLI failure, the code raises an error containing the full command line via `{' '.join(cmd)}`. Because `cmd` may include `--token <PAT>`, logs, console output, telemetry, or error reports can expose the Personal Access Token, enabling unauthorized SmartThings API access if those logs are collected or viewed by others.

Credential Access

High
Category
Privilege Escalation
Content
Device setup
- Use the SmartThings CLI to list devices in JSON and locate the TV device id.
- Store it as SMARTTHINGS_DEVICE_ID in the same .env file.

Common actions (plain text only)
- List devices and capabilities via the SmartThings CLI.
Confidence
88% confidence
Finding
.env

Session Persistence

Medium
Category
Rogue Agent
Content
This skill provisions a SmartThings OAuth app and stores the credentials for Clawdbot.

Setup (one-time)
- Create the SmartThings OAuth app headlessly (requires a PAT) and print a phone login URL, using plain text instructions only.
- Open the URL on your phone, log in, then copy the code query parameter from the redirect page and re-run to exchange it.
- If PAT app creation fails (403), create the app on a normal machine using the SmartThings CLI login flow and then set the client id/secret in the .env before running the code-exchange step.
- Re-run to refresh credentials: describe the action in plain text (no code snippets).
Confidence
79% confidence
Finding
Create the SmartThings OAuth app headlessly (requires a PAT) and print a phone login URL, using plain text instructions only. - Open the URL on your phone, log in, then copy the code query parameter f

VirusTotal

66/66 vendors flagged this skill as clean.
