Back to skill

Security audit

Iobroker Simple Api

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a real ioBroker control integration, but it grants broad smart-home write and code-execution authority with weak scoping and misleading read-only framing.

Install only if you intend to give the agent administrative control over ioBroker, including device state changes and script execution. Prefer a restricted ioBroker account, network-limited deployment, and disabling or avoiding delete and exec/eval operations unless you explicitly need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The manifest description says 'Read-only config' while the skill metadata and stated scope indicate full REST access, including writes and script execution. This mismatch can mislead reviewers and users into granting or trusting a far more powerful integration than intended, increasing the risk of unsafe deployment and over-privileged use.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README explicitly documents destructive operations such as deleting states and executing arbitrary JavaScript, but provides no safety guidance, authorization caveats, or warnings about their effects. In a skill that exposes full remote control of ioBroker, this omission increases the likelihood of accidental or unauthorized dangerous use, including service disruption and code execution on the automation platform.

Missing User Warnings

High
Confidence
95% confidence
Finding
The documentation explicitly exposes high-risk capabilities including state writes, deletes, and JavaScript execution while presenting the skill as 'production-ready' and 'full smart home control' without prominent safety warnings, consent boundaries, or operational restrictions. In this context, the skill can affect physical devices and home automation state, making destructive or unsafe actions materially more dangerous than a typical read-only integration.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill silently loads ioBroker credentials from local config and automatically attaches them as a Basic Authorization header to every outbound request. Because the handler and help text do not clearly disclose this behavior, a user may invoke the skill without realizing it is authenticating to a privileged home-automation endpoint with stored credentials, increasing the risk of unintended privileged actions and opaque data access.

Missing User Warnings

High
Confidence
98% confidence
Finding
The handler exposes write operations such as set, toggle, setBulk, create, and especially exec/eval, which can execute arbitrary JavaScript on ioBroker, with no confirmation prompt, capability gating, or warning. In the context of a full-access home automation skill, this enables immediate remote manipulation of devices and scripts, potentially affecting physical systems, disabling protections, or pivoting to broader compromise through the automation platform.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"author": "OpenClaw",
  "license": "MIT",
  "dependencies": {
    "ws": "^8.14.0"
  },
  "engines": {
    "node": ">=18.0.0"
Confidence
82% confidence
Finding
"ws": "^8.14.0"

Known Vulnerable Dependency: ws==8.14.0 — 2 advisory(ies): CVE-2024-37890 (ws affected by a DoS when handling a request with many HTTP headers); CVE-2026-45736 (ws: Uninitialized memory disclosure)

High
Category
Supply Chain
Confidence
96% confidence
Finding
ws==8.14.0

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.