Openclaw Lifx

Security checks across malware telemetry and agentic risk

Overview

This is a coherent LIFX smart-light control skill, but it stores a local LIFX token and personalized home-light context that users should protect.

Install only if you are comfortable letting the agent control your LIFX lights. Keep .lifx-token and the generated SKILL.md private, avoid instruction-like light or scene names, and verify the package includes the missing SKILL.md.template before relying on setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 87%
Finding:
The skill uses sensitive capabilities including environment-secret access, shell execution, and network communication, but does not explicitly declare permissions or warn users about that trust boundary. This makes it easier for users or hosting platforms to underestimate what the skill can access and do, especially since it handles a LIFX API token and can invoke local scripts that make external requests.

Context-Inappropriate Capability

Severity: Low
Confidence: 80%
Finding:
The script silently falls back to reading a bearer token from a local .lifx-token file, which expands the credential attack surface beyond explicit environment-based configuration. In an agent/skill context, implicit local secret discovery is more dangerous because it may access credentials the user did not intend this specific tool to consume.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The README instructs users to pass a personal LIFX token to setup and mentions a `.lifx-token` file elsewhere, but it does not clearly warn that the token is stored locally on disk. That omission can lead users to mishandle a long-lived credential, especially on shared systems or in backups, increasing the chance of unauthorized control over their LIFX environment.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The setup process rewrites SKILL.md with personal device context, which can embed sensitive household metadata such as room names, device identifiers, and scene names into a file that may be synced, shared, or committed inadvertently. Because this side effect is not prominently disclosed in the description, users may expose private environment details without realizing setup modifies skill content.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
Loading a sensitive API token from a local file without explicit disclosure can cause unintended credential use and weakens transparency around secret handling. In a skill setting, users may reasonably expect only provided environment credentials to be used, not silently discovered local files.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The script persists the LIFX bearer token in a local file, which creates a credential-at-rest risk if the skill directory is later copied, backed up, committed, or read by another local process or user. Although chmod 600 reduces exposure, the token remains long-lived sensitive data stored on disk without strong user warning, lifecycle management, or a more secure secret store.

VirusTotal

66/66 vendors flagged this skill as clean.