MiGPT Xiaomi Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill is mainly a Xiaomi speaker setup guide, but it includes high-risk instructions for bypassing Xiaomi account security using browser cookies and cached tokens.

Review carefully before installing. Prefer supported Xiaomi login and recovery flows; do not copy browser cookies into scripts unless you fully understand the account-takeover risk. Use a dedicated Xiaomi account if possible, protect .env/.migpt.js/.mi.json, keep them out of git, restrict file permissions, rotate exposed keys or sessions, review any node_modules patches, and understand that voice transcripts may be sent to your chosen LLM provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Description-Behavior Mismatch

High (99% confidence)
Finding
This document explicitly describes using authenticated browser session cookies to obtain Xiaomi service credentials and persist them for later use, bypassing the normal security-verification flow. That is effectively credential/session hijacking guidance and expands the skill from legitimate device setup into account-authentication bypass, creating a high risk of unauthorized account access and abuse.

Context-Inappropriate Capability

High (99% confidence)
Finding
The file provides instructions to bypass Xiaomi account security verification by reusing browser cookies and cached tokens, then patching the client to skip normal login. In the context of a speaker setup/troubleshooting skill, this is not a necessary or justified capability and materially increases the chance of unauthorized access to Xiaomi account services.

Missing User Warnings

High (97% confidence)
Finding
The README explicitly advertises '浏览器 Cookie 注入绕过验证' ("browser cookie injection to bypass verification") to bypass Xiaomi MIoT security verification, which normalizes credential/session manipulation to defeat account protections. In the context of a deployment skill for consumer IoT devices, this is especially dangerous because it can encourage insecure handling of authentication artifacts, account compromise, session theft, and circumvention of vendor security controls without any warning or safe boundaries.

Missing User Warnings

Medium (93% confidence)
Finding
The skill instructs users to place an API key in a .env file but does not warn them to protect the file, exclude it from version control, or avoid sharing logs/screenshots containing secrets. In a setup guide for self-hosted voice assistants, this omission can realistically lead to credential leakage through git commits, backups, or copied project folders.

Missing User Warnings

Low (79% confidence)
Finding
The guide tells the user to launch the assistant with nohup in the background and redirect output to a persistent log file, but it does not warn that the process will continue running and may retain sensitive content in logs. For a voice assistant connected to user queries and cloud APIs, unattended execution and disk logging can expose transcripts, errors, or tokens if the host is shared or compromised.

Vague Triggers

High (95% confidence)
Finding
The template explicitly recommends `callAIKeywords: [""]`, which causes every utterance to trigger the custom assistant because empty-string prefix checks always match. In this Xiaomi speaker context, that broad interception can unintentionally capture all voice interactions, override expected native-assistant behavior, and increase privacy and operational risk by sending unintended audio-derived text to the LLM/backend.

Missing User Warnings

Medium (94% confidence)
Finding
The instructions tell users to write passwords, tokens, and signing material into .mi.json without any warning or safeguards. Persisting these secrets in plaintext on disk increases the risk of credential theft from local compromise, backups, logs, source-control mistakes, or accidental sharing.

Missing User Warnings

Medium (93% confidence)
Finding
The document instructs users to handle highly sensitive browser cookies, password-derived hashes, and authentication tokens in HTTP requests without emphasizing that these values grant account access. Even if sent over HTTPS, documenting this workflow normalizes unsafe handling of session secrets and increases the likelihood of theft or misuse.

Ssd 4

Medium (97% confidence)
Finding
The skill explicitly recommends a 'browser cookie injection method' to bypass repeated Xiaomi security verification. Normalizing a bypass of an account security control is dangerous because it encourages users to circumvent authentication safeguards and handle high-value session cookies in unsafe ways, increasing the risk of account takeover or unauthorized access.

Ssd 4

High (99% confidence)
Finding
The step-by-step instructions operationalize an authentication bypass by guiding the reader through harvesting session data, exchanging it for service tokens, persisting those tokens, and modifying the client to skip login checks. This is dangerous because it turns a protected login flow into a reusable workaround that can be applied beyond legitimate troubleshooting and undermines the platform’s security controls.

Ssd 3

High (98% confidence)
Finding
These instructions direct users to collect and reuse browser session cookies and identifiers from an authenticated Xiaomi session. Session cookies are effectively bearer secrets; exposing or repurposing them enables account access without re-authentication and can facilitate session hijacking or impersonation.

VirusTotal

VirusTotal findings are pending for this skill version.
