Back to skill

Security audit

Roborock Vacuum Control via Telegram

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it needs review because broad chat phrases can control a real vacuum and its shell config path can execute local code.

Install only if you are comfortable letting an OpenClaw agent run the included shell wrapper to control your Roborock. Prefer a dedicated Jojo/Telegram agent or require explicit phrases like "Jojo, pause cleaning". Keep jojo.env private, restrict its permissions, do not set JOJO_CONFIG_FILE to untrusted paths, and avoid storing unrelated tokens in the config.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The skill description and invocation guidance use very broad, everyday phrasing for controlling a physical device, which increases the chance of accidental activation from normal conversation. In a chat or Telegram context, generic language like 'pause', 'status', or 'go home' can be interpreted as device commands without sufficient confirmation, causing unintended robot actions.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The intent mapping includes highly generic trigger phrases such as 'pause', 'wait', 'hold on', 'charge', and 'rooms', which commonly appear in ordinary conversation and are easy to match unintentionally. Because the skill controls a real-world device, ambiguous NLU mappings can lead to unintended starts, stops, docking, or room-cleaning actions in response to incidental user language.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script unconditionally sources a config file from a path influenced by the environment (JOJO_CONFIG_FILE) and executes any shell code inside it in the current process. Because this skill is designed to be run via exec for routine actions, a malicious or tampered config file can achieve arbitrary code execution before any safety checks, making this more dangerous than a simple configuration read.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.