Dyson Fan Control

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Dyson device-control CLI, with disclosed local credential storage and no evidence of hidden exfiltration or unrelated behavior.

Install only from a trusted or pinned source. Run setup only if you are comfortable entering Dyson account credentials, keep ~/.dyson/config.json private, avoid sharing or committing it, and be careful with prompts that change power or heating settings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill description presents the tool as only performing local MQTT control on the same WiFi, but the documented/setup-related behavior includes cloud login, credential retrieval, local credential storage, device management, and network reachability checks. This mismatch matters because users may invoke the skill assuming only local, low-risk actions, while the underlying tool may handle sensitive account credentials and persist them locally, increasing privacy and credential-exposure risk.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README explicitly documents that fetched Dyson device credentials are stored in ~/.dyson/config.json but does not warn that this file contains sensitive secrets that should be protected. If the file is exposed through weak filesystem permissions, backups, logs, or accidental sharing, an attacker on the same network could potentially use those credentials to control the user's Dyson devices over local MQTT.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The setup flow retrieves per-device credentials from the Dyson cloud account and persists them locally via save_config without any warning, consent prompt, or indication of how sensitive that data is. Those credentials appear sufficient to control local devices over MQTT, so storing them on disk in a routine CLI workflow increases the chance of unintended disclosure through weak file permissions, backups, shared machines, or endpoint compromise.

VirusTotal

66/66 vendors flagged this skill as clean.