ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

S2 Spatial Adapters

v2.0.7

Provides a unified, cryptographically secure interface to control Home Assistant, Xiaomi Mijia, and Tuya IoT devices with ephemeral zero-trust connections.

0· 81·0 current·0 all-time
byMilesXiang@spacesq
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description claim a unified zero-trust interface for HA, Mijia, and Tuya — the code (three adapters + main.py) implements exactly those protocols and the manifest lists appropriate dependencies. HOWEVER the top-level registry metadata in the submission indicated 'Required env vars: none' while the manifest and SKILL.md clearly require multiple sensitive environment variables (S2_ENABLE_REAL_ACTUATION, HA_BEARER_TOKEN, MIJIA_DEVICE_TOKEN, TUYA_ACCESS_ID/SECRET, etc.). That metadata mismatch is an coherence issue (not an immediate safety exploit) and could mislead automated gating systems.
Instruction Scope
SKILL.md and main.py give a narrow, well-defined runtime contract: run python main.py <protocol> <element> <device_id> '<intent_json>' with environment-injected credentials; all adapters validate inputs, perform SSRF/private-IP checks, redact payloads in logs, and provide a 'dry-run' when S2_ENABLE_REAL_ACTUATION is not set. The s2_commander_agent.json instructs an agent to emit those CLI invocations (including deterministic/low-temperature generation), which is explicit rather than vague.
Install Mechanism
There is no install spec in the registry (instruction-only install), but the package includes Python code and a requirements.txt (requests, pycryptodome). This is low-to-moderate risk — nothing is downloaded from arbitrary URLs, but an installer step (pip install -r requirements.txt) is expected and dependencies are pinned. The absence of an explicit install step in registry metadata is an inconsistency to be aware of.
!
Credentials
The code legitimately needs device credentials and a global 'real actuation' flag, and the manifest documents these env vars as sensitive. That is proportionate to the stated purpose. The concern is twofold: (1) the registry summary incorrectly claimed 'no required env vars', creating a metadata mismatch; (2) these are high-sensitivity secrets (access tokens, device keys). Because the skill is designed to allow actual physical actuations when S2_ENABLE_REAL_ACTUATION=True, giving these secrets to the runtime (or to an autonomous agent) carries real-world risk. Confirm who controls the runtime env and where secrets are stored before enabling.
Persistence & Privilege
The skill is not set to always:true and does not attempt to modify other skills or system-wide configs. Autonomous agent invocation is allowed (disable-model-invocation=false) which is expected for tools intended for agents; combine this with real-actuation credentials and it can cause physical effects, but that is a usage risk rather than an elevated platform privilege. No evidence the skill persists credentials beyond its own lifecycle (it attempts to wipe them in secure_teardown).
What to consider before installing
This skill's code implements exactly what it says (HA REST, Xiaomi UDP, Tuya cloud). Before installing: (1) don't trust the top-level metadata that claimed 'no required env vars' — the manifest and SKILL.md require several sensitive secrets; (2) never set S2_ENABLE_REAL_ACTUATION=True unless you intentionally want the agent to be able to actuate hardware; test in dry-run first; (3) grant the minimal network access possible (eg. run in a network segment that can reach only the intended local devices and/or Tuya endpoints); (4) store credentials in a secure vault and inject them at runtime (do not place in .env); (5) review and/or run the included code in an isolated environment to confirm no hidden endpoints or telemetry are present; and (6) if you plan to let an autonomous agent use this skill, restrict that agent's permissions and logging, and require human approval for sensitive actions (locks, doors, HVAC). The metadata mismatches lower confidence in how this package was registered — treat it with caution and verify configuration before enabling real actuations.

Like a lobster shell, security has layers — review code before you run it.

latestvk97576tx45rf9x6p0a6arkspkn83aryf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments