Back to skill
Skillv1.0.0
VirusTotal security
Xiaomi · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 3:24 AM
- Hash
- 981e488f02a9f4e78d9e75efdf2345ec39f6c6fa44c165557e32c5db76b2e81e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: home-xiaomi Version: 1.0.0 The skill is classified as suspicious primarily due to its handling of sensitive Xiaomi device tokens. It explicitly instructs the agent to execute `python3 scripts/token_extractor.py` to obtain these tokens, which are then used in `miiocli` commands. While obtaining tokens is necessary for the skill's stated purpose of local device control, the content of `scripts/token_extractor.py` is not provided for review, making its behavior an unknown and high-risk factor. The installation command in `SKILL.md` uses `pipx` and addresses a known dependency issue, and the agent instructions do not exhibit signs of prompt injection or other malicious intent beyond the skill's stated purpose.
- External report
- View on VirusTotal