Trust Assessment
xiaomi received a trust score of 67/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Arbitrary command execution during skill installation, Sensitive credentials (Xiaomi tokens) stored in plain text and handled by unknown script, Potential command injection in `miiocli` arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary command execution during skill installation The skill's manifest specifies an `install` command of `kind: exec`. This command executes a shell script (`pipx install python-miio && ...`) during skill installation. While the current command uses `$(whoami)` for dynamic path construction, which is not directly user-controlled, the `exec` kind allows for arbitrary shell command execution. A malicious `python-miio` package (supply chain risk) or a compromised environment could leverage this to execute arbitrary code with the privileges of the skill runner. Review the necessity of `kind: exec` for installation. If shell execution is required, ensure all arguments are strictly controlled and not derived from untrusted sources. Consider using a more sandboxed installation method if available. Implement robust supply chain security measures for all dependencies. | LLM | SKILL.md:1 | |
| HIGH | Sensitive credentials (Xiaomi tokens) stored in plain text and handled by unknown script The skill instructs users to run `python3 scripts/token_extractor.py` to obtain Xiaomi device tokens, and then to store these tokens along with device IPs in `references/devices.md` or `references/my_private_devices.md`.
1. **Unknown Script:** The content of `scripts/token_extractor.py` is not provided, posing a significant risk. A malicious or vulnerable script could harvest these tokens.
2. **Plain Text Storage:** Storing sensitive device tokens in markdown files (`.md`) is insecure. These files are typically not encrypted or access-controlled in the same way as dedicated credential stores.
3. **Access by Skill:** The skill will need to read these files to operate, meaning it has access to all stored tokens. If the skill itself is compromised or has excessive file system permissions, these tokens could be easily exfiltrated. 1. Provide the source code for `scripts/token_extractor.py` for security review. 2. Implement a secure method for storing credentials, such as environment variables, a dedicated secrets management service, or an encrypted configuration file, rather than plain text markdown files. 3. Ensure the skill's runtime environment enforces least privilege for file system access. | LLM | SKILL.md:18 | |
| MEDIUM | Potential command injection in `miiocli` arguments The skill's core functionality involves constructing and executing `miiocli` shell commands using device IP addresses and tokens. If the values for `<IP>`, `<TOKEN>`, or other parameters (especially the `raw_command` argument which takes a JSON string) are not properly sanitized or escaped before being passed to the shell, an attacker could inject arbitrary shell commands. For example, if an IP address could be manipulated to include shell metacharacters (e.g., `192.168.1.1; rm -rf /`), it could lead to arbitrary code execution. Without the actual skill code that constructs these commands, the exact exploit path is unknown, but the pattern is a common vulnerability. Ensure all dynamic arguments passed to `miiocli` (or any external command) are strictly validated and properly escaped for shell execution. Avoid direct string concatenation for command construction; use libraries or functions designed for safe command execution (e.g., `subprocess.run` with `shell=False` and passing arguments as a list). | LLM | SKILL.md:34 |
Scan History
Embed Code
[](https://skillshield.io/report/e33be688e91046f4)
Powered by SkillShield