Trust Assessment
xiaomi received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 1 medium, and 1 low severity. Key findings include Credential Harvesting and Storage in Plaintext; Potential Command Injection via miiocli arguments; and Excessive Permissions Granted to miiocli.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 61/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Credential Harvesting and Storage in Plaintext.** The skill explicitly instructs the user to run a script (`scripts/token_extractor.py`) to obtain sensitive device IPs and authentication tokens from Xiaomi Cloud. It then advises storing these credentials in plaintext markdown files (`references/devices.md` or `references/my_private_devices.md`). Storing sensitive credentials in unencrypted, easily accessible files poses a significant security risk, as they can be easily compromised by other processes or users on the system. Avoid storing sensitive credentials like device tokens in plaintext files. Instead, recommend using secure credential storage mechanisms (e.g., environment variables, a dedicated secrets manager, or an encrypted configuration file) that are protected by appropriate access controls. If local storage is necessary, ensure it's encrypted and access is strictly limited. | LLM | SKILL.md:20 |
| HIGH | **Potential Command Injection via miiocli arguments.** The skill demonstrates the use of `miiocli` commands with placeholders for `<IP>` and `<TOKEN>`. If these placeholders are populated directly from untrusted user input without proper sanitization or escaping, a malicious user could inject arbitrary shell commands. For example, if `<IP>` is replaced with `192.168.1.1; rm -rf /`, it could lead to arbitrary code execution on the host system. Implement strict input validation and sanitization for all arguments passed to external commands like `miiocli`. Use parameterized command execution where possible, or ensure all user-controlled inputs are properly escaped to prevent shell metacharacters from being interpreted as commands. Consider whitelisting allowed commands and arguments. | LLM | SKILL.md:34 |
| MEDIUM | **Excessive Permissions Granted to miiocli.** The skill grants the agent the ability to execute `miiocli` commands, which can control Xiaomi devices on the local network. While necessary for the skill's functionality, `miiocli` is a powerful tool. Allowing the agent to execute arbitrary `miiocli` commands, especially with sensitive tokens, could lead to unintended or malicious actions on connected devices if the agent's prompts are manipulated or if there's a command injection vulnerability. Limit the scope of `miiocli` commands the agent can execute to only those strictly necessary for the skill's advertised functionality. Implement a whitelist of allowed `miiocli` subcommands, arguments, and device properties that the agent is permitted to modify. Ensure that any parameters passed to `miiocli` are validated against expected values. | LLM | SKILL.md:34 |
| LOW | **Specific Dependency Version Pinning Indicates Potential Compatibility Issues.** The installation command includes a specific version constraint for the `click` library (`'click<8.1.0'`). While pinning dependencies is generally good practice for stability, this specific constraint suggests a known compatibility issue with `python-miio` or other dependencies. This could indicate a fragile dependency tree or a workaround for a deeper problem, potentially leading to future conflicts or security vulnerabilities if not properly managed. Investigate the root cause of the `click` version constraint. Ensure that all dependencies are properly pinned and regularly audited for security vulnerabilities. Document the reason for specific version constraints to aid future maintenance and prevent unexpected issues. | LLM | Manifest:1 |