The 4D Acoustic Engine

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Home Assistant smart-home demo that is dry-run by default, but enabling real actuation can control local devices and should be configured carefully.

Install only if you intend to connect it to a local Home Assistant instance. Keep real actuation disabled until you review the hardcoded entity_id and payload, protect the Home Assistant token, and set HA_BASE_URL to a fixed trusted local Home Assistant endpoint rather than a hostname or value controlled by untrusted users.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Tainted flow: 'url' from os.getenv (line 129, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
if SecurityEnforcer.validate_local_network(url):
    try:
        requests.post(url, headers=headers, json=req_payload, timeout=5)
        print(f"      └─ ✅ [硬件响应] 成功调用本地物理设备!")
    except Exception as e:
        print(f"      └─ ❌ [连接失败] 物理网络异常: {e}")
Confidence
95% confidence
Finding
requests.post(url, headers=headers, json=req_payload, timeout=5)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The code claims protection against DNS rebinding, but validate_local_network() resolves the hostname before the later requests.post call performs its own resolution. That check-then-use gap means the destination can change after validation, defeating the stated defense and allowing requests to reach a different IP than the one inspected.

VirusTotal

66/66 vendors flagged this skill as clean.
