Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Xiaomi

v1.0.0

[English] Control Xiaomi Home devices via local LAN using miiocli. Supports status checks, toggling power, and MIOT property manipulation for devices like smart plugs, humidifiers, and rice cookers. | [Chinese] Control Mi Home smart devices over the local network using miiocli. Supports viewing status, power switching, and tuning properties of MIOT devices such as smart plugs, humidifiers, and rice cookers.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's functionality (using miiocli to control Xiaomi MIOT devices locally) matches the declared required binary (miiocli). However, the SKILL.md advertises a "built-in Token Extractor" and scripts (e.g., scripts/token_extractor.py) that are not included in the package manifest, which is inconsistent with the claim that those features are bundled.
Instruction Scope
Runtime instructions tell the agent/user to run a token extractor script and to store tokens in references/*.md. Those instructions require access to Xiaomi Cloud credentials and device tokens, but no guidance or included code for safe handling is provided. The instructions therefore reference files and sensitive operations (credential/token extraction and storage) that are not actually supplied with the package.
Install Mechanism
Although the registry metadata lists no top-level install spec, the SKILL.md metadata contains an install entry that runs `pipx install python-miio` and then runs a pip install inside the pipx venv using a hardcoded path under `/Users/$(whoami)/.local/pipx/...`. This is brittle (it assumes a particular pipx location and user home layout), executes commands on the host, and alters a user-local venv to force a specific click version. These effects are reasonable for installing python-miio but are unexpected given the registry's "no install spec" claim, and the hardcoded path is surprising and potentially problematic on systems with a different layout.
Credentials
The skill declares no required environment variables or credentials, which superficially looks safe. However, the token-extraction step inherently requires Xiaomi account credentials and access to device tokens, and the skill does not declare how those credentials are provided or protected. That omission is a proportionality/clarity issue: the skill asks the user to extract sensitive tokens but neither declares nor documents the expected secrets handling.
Persistence & Privilege
The skill does not request always:true, does not require system config paths, and does not claim to modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but is not combined with other high-privilege requests.
What to consider before installing
This skill's goal (local miiocli-based control of Xiaomi devices) is reasonable, but take care before installing:

- The SKILL.md promises a "scripts/token_extractor.py" and other scripts but the package contains no such files; ask the publisher where the extractor script comes from and inspect it before running. Token extractors require your Xiaomi account credentials and will yield device tokens — treat these as highly sensitive.
- The install command embedded in SKILL.md will run pipx and then run pip inside a pipx venv using a hardcoded user-path (/Users/$(whoami)/.local/pipx/...). That may fail or act on unexpected paths; understand and approve any install commands before execution.
- If you obtain or run any token-extraction script, review its source to ensure it does not exfiltrate credentials to external servers. Prefer using official, audited tools and only store tokens in a secure location (not plain text references/*.md files).
- If you want to proceed, request the missing script(s) and documentation from the skill author or only run the steps in a controlled environment (e.g., an isolated VM) after code review.

Given the missing files and the brittle install instructions, I recommend treating this skill as untrusted until the author provides the extractor script and a clearer, platform-neutral install procedure.



Runtime requirements

🏠 Clawdis
Bins: miiocli
