Xiaomi

Security checks across malware telemetry and agentic risk

Overview

This Xiaomi home-control skill is purpose-related, but it needs Review because it handles sensitive device tokens and real appliance control without enough scoping or safety guidance.

Install only if you are comfortable letting an agent control Xiaomi devices and handle their local control tokens. Do not run any token extractor unless you can inspect its source, keep tokens out of shared markdown and version control, redact them from chats/logs, and require explicit confirmation before power or appliance-state changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium (93% confidence)
Finding
The manifest describes the skill as only performing local-LAN control via miiocli, but the documentation also advertises extracting device IPs and Xiaomi cloud tokens. That mismatch is security-relevant because it hides sensitive cloud-account access and credential retrieval behind a narrower stated purpose, reducing informed consent and making risky behavior easier to overlook.

Context-Inappropriate Capability

Medium (90% confidence)
Finding
The documented token extractor reaches into Xiaomi Cloud to obtain device IPs and 32-byte tokens, which are effectively secrets enabling direct control of devices on the LAN. This expands the trust boundary beyond local control into cloud credential handling, and if mishandled can expose device inventory and control tokens that enable unauthorized device operations.

Missing User Warnings

Medium (95% confidence)
Finding
The skill tells users to run a bundled token extractor without warning that it retrieves highly sensitive device IPs and Xiaomi tokens from the user's account/cloud. Users may execute it without understanding that these secrets can permit full device control and reveal household device inventory, creating a meaningful risk of credential exposure and unauthorized actions.

VirusTotal

66/66 vendors flagged this skill as clean.
