Back to skill

Security audit

Samsung Smartthings

Security checks across malware telemetry and agentic risk

Overview

This SmartThings skill appears purpose-aligned, but its setup flow uses broad device-control authority and exposes OAuth credentials in ways users should review carefully before installing.

Review this before installing. Use a local or app-owned OAuth redirect instead of httpbin.org, limit SmartThings scopes if possible, protect the .env file, never commit or share it, and revoke or rotate the SmartThings app, PAT, and OAuth tokens when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill describes capabilities that involve environment access, local file reads/writes, network access, and shell usage, but it does not declare permissions or provide transparency about those operations. This creates a trust and review gap: users may authorize or run a skill without understanding that it will create apps, handle credentials, write secrets locally, and invoke external tooling.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs storing OAuth client credentials and tokens in a local .env file without warning that these are sensitive secrets. If the file is readable by other local users, included in backups, or accidentally committed or logged, an attacker could reuse the credentials to control SmartThings devices or maintain access.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Using httpbin.org as the default OAuth redirect endpoint sends the authorization code to a third-party service outside the SmartThings trust boundary. Even if intended only for convenience, exposing the code to an external endpoint can allow interception, logging, or retention of a credential that can be exchanged for access tokens.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill requires users to place a personal access token in environment variables without warning about shell history, process inspection, CI leakage, or accidental disclosure through logs and crash reports. A leaked PAT could let an attacker provision apps or manipulate SmartThings resources within the token's scope.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script persists SmartThings client credentials to a local .env file automatically, and although it sets mode 0600, it does so without an explicit confirmation or warning that long-lived secrets will be stored on disk. In a local agent/integration context, these credentials enable later token exchange and API access, so silent persistence increases the chance of unintended exposure through backups, syncing, misconfigured home directories, or local compromise.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script writes OAuth access and refresh tokens to disk in a .env file, again without explicit user acknowledgement. Refresh tokens are especially sensitive because they can provide durable account/device access; in this skill's context, compromise could allow persistent control of SmartThings-connected devices such as TVs.

External Transmission

Medium
Category
Data Exfiltration
Content
DEFAULT_DESCRIPTION = "Clawdbot SmartThings integration"
DEFAULT_REDIRECT_URI = "https://httpbin.org/get"
DEFAULT_SCOPES = ["r:devices:*", "x:devices:*"]
DEFAULT_AUTH_BASE = "https://api.smartthings.com/oauth"

ENV_KEYS = {
    "SMARTTHINGS_APP_ID": "appId",
Confidence
97% confidence
Finding
https://api.smartthings.com/

Credential Access

High
Category
Privilege Escalation
Content
Device setup
- Use the SmartThings CLI to list devices in JSON and locate the TV device id.
- Store it as SMARTTHINGS_DEVICE_ID in the same .env file.

Common actions (plain text only)
- List devices and capabilities via the SmartThings CLI.
Confidence
86% confidence
Finding
.env

Session Persistence

Medium
Category
Rogue Agent
Content
This skill provisions a SmartThings OAuth app and stores the credentials for Clawdbot.

Setup (one-time)
- Create the SmartThings OAuth app headlessly (requires a PAT) and print a phone login URL, using plain text instructions only.
- Open the URL on your phone, log in, then copy the code query parameter from the redirect page and re-run to exchange it.
- If PAT app creation fails (403), create the app on a normal machine using the SmartThings CLI login flow and then set the client id/secret in the .env before running the code-exchange step.
- Re-run to refresh credentials: describe the action in plain text (no code snippets).
Confidence
80% confidence
Finding
Create the SmartThings OAuth app headlessly (requires a PAT) and print a phone login URL, using plain text instructions only. - Open the URL on your phone, log in, then copy the code query parameter f

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.