Security audit

Micro-Doppler Life-Safety Engine

Security checks across malware telemetry and agentic risk

Overview

The skill is transparent and safe by default, but enabling real actuation grants it automatic smart-home control, including door unlocking, without adequate scoping or confirmation.

Treat this as a prototype unless independently validated. Keep dry-run enabled for testing; before enabling real actuation, restrict the Home Assistant token, verify the base URL is a trusted local endpoint, and add human confirmation or remove automatic door unlocking.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Tainted flow: 'url' from os.getenv (line 68, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
        # Real physical control logic
        print(f"      └─ 🔌 [物理执行层] 正在发送危险指令 POST {url} | 载荷: {payload}")
        try:
            response = requests.post(url, headers=HomeAssistantActuator.headers, json=payload, timeout=5)
            response.raise_for_status()
            print(f"      └─ ✅ [硬件响应] 成功执行真实物理指令!")
            return True
Confidence
90% confidence
Finding
response = requests.post(url, headers=HomeAssistantActuator.headers, json=payload, timeout=5)

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
93% confidence
Finding
requests

VirusTotal

65/65 vendors flagged this skill as clean.