Security audit

Smart Home Planner

Security checks across malware telemetry and agentic risk

Overview

This smart-home skill appears useful, but it reaches into real device control, credentials, local installs, and background automation with weaker scoping and warnings than that authority deserves.

Install only if you are comfortable giving the skill practical authority over your smart-home systems. Use test devices first, avoid storing long-lived tokens in plaintext, change default Homebridge credentials, prefer HTTPS/local-only access, review any automation before enabling it, and do not run remote install scripts with sudo unless you have independently verified them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (16)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares itself as a planning/configuration guide but includes behaviors requiring file read, network, and shell-like capabilities without any explicit permission declaration or consent framework. This creates a transparency and authorization gap: users may invoke a seemingly advisory skill that can persist data, contact external services, or trigger local commands.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The declared description emphasizes planning and guidance, but the body instructs direct API authentication, device discovery/control, package installation, plugin deployment, and background automation execution. This mismatch can mislead users and platform reviewers about the real operational scope, increasing the risk of unintended system changes or device control.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
This file implements a live automation engine that polls devices, evaluates triggers and conditions, and executes state-changing actions against Mijia and HomeKit environments. That behavior materially exceeds the declared planning/advice-only scope of the skill, creating a capability mismatch that can lead to unauthorized control of physical devices such as lights, switches, scenes, and climate-related accessories.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The discovery functions connect to live Mijia and Homebridge environments and enumerate real devices and scenes/accessories, which is inconsistent with a planning-focused skill. In the context of a smart-home planner, this expands access from passive advice to active environment probing, exposing device inventory and enabling reconnaissance against the user's home setup.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs saving household profiles and potentially API-related access details to local files, but it does not define secure storage, retention limits, permission hardening, or prominent user warnings about persistence. Persisting sensitive environment details and tokens in predictable paths increases the risk of credential theft, privacy leakage, and unauthorized smart-home access if the host is shared or compromised.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill guides users to run installation scripts, install packages, copy plugin files, and start long-running background automation services without a strong upfront warning about system modification, persistence, or operational risk. These actions can alter the host, create unattended processes, and increase attack surface, especially if users follow instructions without understanding trust boundaries.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide exposes powerful MCP tools that can restart Homebridge, reveal pairing information, remove cached accessories, reset all cached accessories, and fully replace config.json, but it does not warn that these actions are sensitive, potentially destructive, or should require explicit user confirmation. In an agent skill context, this increases the chance that an LLM could perform disruptive administrative actions from ambiguous prompts or prompt injection, causing service interruption, device loss, or unauthorized HomeKit access workflows.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide provides copy-pastable examples that can remotely control lights, climate devices, scenes, and XiaoAi natural-language actions, but it does not clearly warn that these actions affect real physical devices and may be disruptive or safety-relevant. In a smart-home skill context, users are especially likely to run examples directly, which increases the chance of unintended device activation, scene execution, or unsafe automation effects.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The Sleep Mode examples automatically lock a door as part of a bedtime routine without any warning, confirmation step, or discussion of lockout and emergency-egress implications. In a smart-home planning skill, users may copy these snippets directly into production automations, so omission of safety guidance can lead to accidental lockouts, unsafe nighttime behavior, or inappropriate locking when household context is not validated.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The Security Mode examples trigger camera recording, notifications, and alarms without any user-facing privacy warning, consent guidance, or note about legal/household monitoring implications. Because this skill is specifically meant to help users deploy smart-home automations across multiple platforms, users are likely to adopt these examples as-is, increasing the risk of covert monitoring, over-collection of footage, or recording household members and visitors without proper notice.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The examples directly demonstrate state-changing operations against real smart-home devices and scenes, including lights, curtains, AC, locks, and batch property updates, without any safety notice or sandboxing guidance. In a skill specifically meant for smart-home planning and configuration, users may copy and run these snippets against production homes, causing unintended physical actions, triggering automations, or affecting security-relevant devices such as door locks.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The examples enumerate homes, devices, scenes, power statistics, and consumables without warning that the returned data may reveal sensitive household metadata such as room names, device models, occupancy patterns, and energy usage. While this is common API functionality, documenting it without privacy guidance can lead users to expose or log sensitive smart-home inventory and behavioral data unintentionally.

External Transmission

Medium
Category
Data Exfiltration
Content
import requests

def _login(self) -> bool:
    """Authenticate with Homebridge and get JWT token."""
    try:
        # The stored username/password are POSTed to whatever base_url the
        # saved profile holds; nothing here pins or validates that host.
        resp = requests.post(f"{self.base_url}/api/auth/login", json={
            "username": self.username,
            "password": self.password,
        }, timeout=10)
        return resp.ok
    except requests.RequestException:
        return False
Confidence
97% confidence
Finding
requests.post(f"{self.base_url}/api/auth/login", json=

Credential Access

High
Category
Privilege Escalation
Content
### Step 2: If User Grants Access — Guide API Setup

**Home Assistant:**
- Guide to Settings → Long-Lived Access Tokens
- Save URL and token to profile
- Test connection with a simple API call
Confidence
97% confidence
Finding
Access Tokens

Chaining Abuse

High
Category
Tool Misuse
Content
if ! command -v node &> /dev/null; then
    echo "Error: Node.js not found. Please install Node.js 18+ first."
    echo "  macOS:   brew install node"
    echo "  Linux:   curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash - && sudo apt install -y nodejs"
    exit 1
fi
Confidence
69% confidence
Finding
&& sudo

Chaining Abuse

High
Category
Tool Misuse
Content
if ! command -v node &> /dev/null; then
    echo "Error: Node.js not found. Please install Node.js 18+ first."
    echo "  macOS:   brew install node"
    echo "  Linux:   curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash - && sudo apt install -y nodejs"
    exit 1
fi
Confidence
69% confidence
Finding
| sudo

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.