Xiaomi

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended for Xiaomi smart-home control, but it needs review because it handles device-control tokens and can change real device states without strong safeguards.

Install only if you are comfortable letting an agent control real Xiaomi devices. Treat Xiaomi account credentials, device IPs, and especially device tokens as secrets: do not commit them, paste them into shared chats, or store real tokens in ordinary markdown unless the files are private and access-controlled. Review any token_extractor.py before running it, because it was referenced but not included for inspection.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding:
The manifest presents the skill as local-LAN control only, but the documentation additionally instructs users to extract Xiaomi Cloud device tokens and sync account/device data. That mismatch expands the trust boundary from local control to cloud credential handling, which is security-relevant because tokens can enable unauthorized device access and the user is not clearly warned about that broader capability.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding:
Including a built-in token extractor for Xiaomi Cloud is a sensitive capability that is not clearly necessary for a skill advertised as local network control. Device tokens are effectively secrets for local control, so bundling cloud-assisted extraction without strong justification, disclosure, and safeguards increases the chance of credential exposure, overcollection, or misuse.

Vague Triggers

Medium
Confidence: 84%
Finding:
The natural-language examples map broad phrases like 'Turn on water heater' directly to device-control commands without explicit confirmation, scoping, or authorization constraints. In a home-automation context, ambiguous or overly permissive triggers can cause unintended actuation of physical devices, which raises safety and misuse risks beyond ordinary software actions.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The documentation tells users to fetch IPs and 32-byte tokens and store device details in reference files, but it does not explicitly warn that these tokens are sensitive secrets. In this context, tokens grant control over physical devices on the LAN, so encouraging extraction and storage without clear warnings or protection guidance materially increases the risk of secret leakage and unauthorized device control.

VirusTotal

56/56 vendors flagged this skill as clean.
