Skillv1.0.0

ClawScan security

Xiaomi · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 11, 2026, 9:02 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's stated purpose (local control of Xiaomi devices via miiocli) is plausible, but the runtime instructions claim a built-in token-extractor script that is not present and embed a brittle install command that would run on the user's machine — these inconsistencies merit caution.
Guidance: This skill's goal (local miiocli-based control of Xiaomi devices) is reasonable, but take care before installing: - The SKILL.md promises a "scripts/token_extractor.py" and other scripts but the package contains no such files; ask the publisher where the extractor script comes from and inspect it before running. Token extractors require your Xiaomi account credentials and will yield device tokens — treat these as highly sensitive. - The install command embedded in SKILL.md will run pipx and then run pip inside a pipx venv using a hardcoded user-path (/Users/$(whoami)/.local/pipx/...). That may fail or act on unexpected paths; understand and approve any install commands before execution. - If you obtain or run any token-extraction script, review its source to ensure it does not exfiltrate credentials to external servers. Prefer using official, audited tools and only store tokens in a secure location (not plain text references/*.md files). - If you want to proceed, request the missing script(s) and documentation from the skill author or only run the steps in a controlled environment (e.g., an isolated VM) after code review. Given the missing files and the brittle install instructions, I recommend treating this skill as untrusted until the author provides the extractor script and a clearer, platform-neutral install procedure.

Review Dimensions

Purpose & Capability: concernThe skill's functionality (using miiocli to control Xiaomi MIOT devices locally) matches the declared required binary (miiocli). However the SKILL.md advertises a "built-in Token Extractor" and scripts (e.g., scripts/token_extractor.py) that are not included in the package manifest, which is inconsistent with claiming those features are bundled.
Instruction Scope: concernRuntime instructions tell the agent/user to run a token extractor script and to store tokens in references/*.md. Those instructions require access to Xiaomi Cloud credentials and device tokens, but no guidance or included code for safe handling is provided. The instructions therefore reference files and sensitive operations (credential/token extraction and storage) that are not actually supplied.
Install Mechanism: concernAlthough the registry metadata lists no top-level install spec, the SKILL.md metadata contains an install entry that runs `pipx install python-miio` and then runs a pip install inside a pipx venv using a hardcoded path with `/Users/$(whoami)/.local/pipx/...`. This is brittle (assumes a particular pipx location and user home layout), will execute commands on the host, and alters a user-local venv to force a specific click version. These effects are reasonable for installing python-miio but are unexpected given the registry's "no install spec" claim and the hardcoded path is surprising and potentially problematic on non-matching systems.
Credentials: noteThe skill declares no required environment variables or credentials, which superficially looks safe. However the token-extraction step inherently requires Xiaomi account credentials and access to device tokens; the skill does not declare how those credentials are provided or protected. That omission is a proportionality/clarity issue (it asks you to extract sensitive tokens but doesn't declare or document expected secrets handling).
Persistence & Privilege: okThe skill does not request always:true, does not require system config paths, and does not claim to modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but is not combined with other high-privilege requests.