SwitchBot OpenAPI

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate SwitchBot control skill, but it gives an agent broad real-world control over locks, garage doors, scenes, and keypad passcodes without built-in confirmation safeguards.

Install only if you intend to let an agent control your SwitchBot account and connected devices. Store the token and secret securely, rotate them if exposed, and require explicit user confirmation before any lock, garage door, scene, appliance, image upload, or keypad passcode action. Treat keypad passcodes as secrets and avoid putting real codes in logs, chat history, or shared transcripts.

Publisher note

Support custom text settings on the Weather Station AI analysis page

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Low
Confidence: 84%
Finding
The skill emphasizes access to family, room, and home data, which can reveal household structure, occupancy patterns, and device placement, but it does not warn users that this is sensitive household metadata. In a home-automation context, exposing or casually retrieving this information increases privacy risk because it can help map a user's living environment.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documented commands include security- and safety-relevant actions such as locking/unlocking and deadbolt control without requiring an explicit caution or confirmation step. In a home-control skill, these actions are materially risky because accidental or unauthorized invocation can affect physical security and user safety.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill documents creating and deleting keypad passcodes without highlighting the access-control consequences. These operations can grant or revoke real-world entry, so presenting them as ordinary commands without caution increases the chance of misuse, unauthorized provisioning, or accidental lockout.

Missing User Warnings

Medium
Confidence: 91%
Finding
This reference documents security-sensitive actuator commands such as lock/unlock, garage access, and keypad key management without any warning that they can directly affect physical security or require explicit user confirmation. In a home automation skill that is explicitly intended to control real devices and household data, omission of guardrails makes accidental or socially engineered unsafe actions more likely.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation instructs users to send keypad passcodes in plain text and does not warn that these values are highly sensitive credentials that can unlock physical spaces if exposed in logs, traces, chat history, or telemetry. Because this skill manages SwitchBot locks/keypads in a home context, mishandling these secrets can lead directly to unauthorized entry and persistent compromise through attacker-created codes.

Missing User Warnings

Medium
Confidence: 94%
Finding
These examples demonstrate security- and access-affecting actions such as lock, unlock, and deadbolt operations without any warning that they can affect physical access and safety in the real world. In an agent skill context, examples strongly shape downstream tool use, so normalizing these commands without guardrails increases the chance of unsafe or unauthorized execution.

Missing User Warnings

High
Confidence: 98%
Finding
The keypad examples include creating and deleting passcodes, including a hardcoded sample password, without any warning about credential sensitivity, authorization requirements, or audit implications. This is especially dangerous because the skill directly manages home access devices; examples that normalize credential provisioning can enable unauthorized entry, persistence, or lockout if reused or automated by an agent.

VirusTotal

60/60 vendors flagged this skill as clean.
