Google Home Control

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it gives an agent broad Google Assistant control over linked home devices using persistent Google OAuth credentials without clear confirmation or device limits.

Review carefully before installing. Only configure this on a machine and Google account where you are comfortable letting the agent issue Google Assistant commands to linked devices. Protect or revoke the OAuth credential if needed, and add your own confirmation rules or device/action limits for appliances, locks, thermostats, security devices, or anything safety-sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This skill can trigger real-world actions on smart-home devices such as lights, TVs, and appliances, but the description lacks an explicit warning that user commands may directly affect the physical environment. That omission increases the chance of unsafe or unintended actuation, especially if a user does not realize the skill has operational control over household devices.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The setup process asks the user to link a personal Google account, authorize broad Assistant access, and store reusable OAuth credentials, but it does not clearly warn about credential sensitivity, account access implications, or local token security. This can lead users to expose persistent tokens that could be abused if the host, skill, or surrounding tooling is compromised.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script reads OAuth credentials from a standard local file or environment-specified path and immediately uses them to refresh a token and send an authenticated request to Google's Assistant API, but it provides no explicit user-facing consent, warning, or boundary check before accessing sensitive credentials. In an agent skill context, this is risky because a user request to 'control home devices' can trigger access to account-linked secrets and authenticated actions on external services without making that sensitive behavior transparent.

Credential Access

High
Category
Privilege Escalation
Content
    # 2. Local config folder ~/.config/google-oauthlib-tool/credentials.json
    creds_path = os.environ.get('GOG_HOME_CREDS')
    if not creds_path:
        creds_path = os.path.expanduser('~/.config/google-oauthlib-tool/credentials.json')

    if not os.path.exists(creds_path):
        print(f"Error: Credentials not found at {creds_path}")
Confidence
94% confidence
Finding
credentials.json

VirusTotal

61/61 vendors flagged this skill as clean.
