Trust Assessment
xiaomi received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include "Unpinned dependency in install command", "Handling and storage of sensitive credentials", and "Potential command injection via `miiocli` arguments".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Handling and storage of sensitive credentials: The skill explicitly instructs users to run `python3 scripts/token_extractor.py` to obtain sensitive Xiaomi device tokens (IPs and 32-bit Tokens) from Xiaomi Cloud. It then suggests storing these credentials in local plaintext files like `references/devices.md` or `references/my_private_devices.md`. This process involves handling highly sensitive authentication material. The security of the `token_extractor.py` script (which is part of the skill package) and the recommended plaintext storage method are critical. If the script is compromised or the storage location is insecure, it could lead to credential harvesting or unauthorized device access. Recommendation: Implement secure credential management practices. The `token_extractor.py` script should be thoroughly audited for vulnerabilities. Consider using a secure secrets manager, environment variables, or encrypted storage for tokens instead of plaintext files. Ensure the skill's runtime environment restricts access to these sensitive files. | LLM | SKILL.md:21 |
| HIGH | Potential command injection via `miiocli` arguments: The skill's natural language intents are mapped to `miiocli` commands that incorporate user-provided `<IP>` and `<TOKEN>` values. If these values are directly interpolated into shell commands without proper sanitization or escaping, a malicious user could inject arbitrary shell commands (e.g., by providing a token like `'; rm -rf /'`). This could lead to arbitrary code execution on the host system with the privileges of the skill's execution environment. Recommendation: Ensure all user-provided inputs (IP, Token, and any other parameters used in `miiocli` commands) are strictly validated and properly escaped before being passed to `subprocess` calls or other command execution mechanisms. When using Python's `subprocess` module, prefer passing arguments as a list (e.g., `subprocess.run(['miiocli', 'miotdevice', '--ip', ip_var, '--token', token_var, ...])`) rather than a single shell string (`shell=True`) to prevent shell injection. | LLM | SKILL.md:33 |
| MEDIUM | Unpinned dependency in install command: The `python-miio` package is installed via `pipx install python-miio` without a specific version constraint in the skill's manifest. This can lead to non-deterministic builds, unexpected behavior, or the introduction of vulnerabilities if a future version of the package contains malicious code or breaking changes. While `pipx` installs the latest stable version, explicit pinning ensures reproducibility and security against future supply chain attacks. Recommendation: Pin the version of `python-miio` to a known good version in the `install` command, e.g., `pipx install python-miio==X.Y.Z`. | LLM | SKILL.md |