Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SwitchBot OpenAPI

v1.0.2

Control and query SwitchBot devices using the official OpenAPI (v1.1). Use when the user asks to list SwitchBot devices, get device status, or send commands...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability (flagged)
The code and SKILL.md match the declared purpose (calling SwitchBot OpenAPI to list devices, get status, send commands). However the registry metadata claims 'Required env vars: none' and 'Required binaries: none' while the runtime scripts and SKILL.md explicitly require SWITCHBOT_TOKEN and SWITCHBOT_SECRET and expect utilities (curl, openssl, jq, uuidgen) and Node.js. That mismatch is incoherent and should be corrected or explained.
Instruction Scope (flagged)
Runtime instructions and scripts only call the SwitchBot OpenAPI endpoints and do not read unrelated host files. However the scripts allow overriding the API endpoint via SWITCHBOT_BASE_URL (defaulting to https://api.switch-bot.com). If SWITCHBOT_BASE_URL were set to an attacker-controlled host, the skill would send the token/secret/signature there — a possible exfiltration vector. The README and SKILL.md do not explicitly warn about the risk of overriding SWITCHBOT_BASE_URL.
Install Mechanism
There is no install spec — the skill is instruction/script based and will not download arbitrary code at install time. Code files are included in the package; executing them will rely on platform-provided Node and standard shell tools. No remote installs/downloads are present.
Credentials (flagged)
The skill legitimately requires SWITCHBOT_TOKEN and SWITCHBOT_SECRET (and optionally SWITCHBOT_REGION / SWITCHBOT_BASE_URL). Those secrets are proportionate to the stated function. The problem is the package metadata did not declare these required environment variables or the need for command-line tools; that omission is a transparency issue. Also the optional SWITCHBOT_BASE_URL allows redirecting requests — ensure it is not set to an untrusted host.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide configs, and does not persist credentials itself. Autonomy (model invocation) is enabled by default but that is normal; nothing else in the package grants elevated or persistent privileges.
What to consider before installing
This skill implements a SwitchBot OpenAPI client and needs your SwitchBot token and secret to operate — that is expected. Before installing, confirm the platform will safely provide SWITCHBOT_TOKEN and SWITCHBOT_SECRET (do not paste them into public places). Verify the registry metadata is updated to list these required env vars and the needed system tools (curl, openssl, jq, uuidgen, Node.js). Be cautious with SWITCHBOT_BASE_URL: it defaults to the official api.switch-bot.com but can be overridden; never set it to an untrusted host (that would let the skill send your token/secret elsewhere). If you intend to allow autonomous agent invocation, consider restricting the skill or requiring explicit user confirmation for sensitive commands (unlock, createKey, scene execution). If any of these inconsistencies are unexplained by the publisher, treat the package as untrusted until clarified.



