Trust Assessment
xiaomi-home received a trust score of 62/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include "Suspicious import: socket", "Suspicious import: requests", and "Insecure storage of sensitive device tokens".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Insecure storage of sensitive device tokens.** The `token_extractor.py` script extracts sensitive Xiaomi device IPs and tokens. The `SKILL.md` then explicitly instructs users to store these sensitive details in plain text files (`references/devices.md` or `references/my_private_devices.md`). These files contain credentials (device tokens) that can be used to control Xiaomi devices. If the AI agent or any other process gains access to the local filesystem, these tokens could be read and exfiltrated, leading to unauthorized device control. This creates a clear data exfiltration risk if the agent's file access is not strictly limited.<br>Recommendations: 1. Avoid storing sensitive tokens in plain text files accessible by the agent. 2. Implement a secure credential management system (e.g., environment variables, a dedicated secrets store, or an encrypted configuration file) that the agent can access securely. 3. If local storage is necessary, ensure the file is encrypted and access is strictly controlled. 4. Ensure the agent's file system access is minimized to only necessary paths. | LLM | SKILL.md:40 |
| HIGH | **Potential for command injection via miiocli arguments.** The `SKILL.md` defines how user intents should map to `miiocli` commands, which are executed by the agent. These commands involve interpolating values such as device IP addresses (`<IP>`), tokens (`<TOKEN>`), and JSON payloads. If the agent directly substitutes user-provided input into these command arguments without robust sanitization or validation, a malicious user could inject arbitrary shell commands. For example, providing a crafted IP address like `127.0.0.1; rm -rf /` could lead to unintended command execution on the host system.<br>Recommendations: 1. Ensure all user-provided inputs (e.g., device identifiers, property values) are strictly validated and sanitized before being used in `miiocli` commands. 2. Prefer using `subprocess.run` with a list of arguments (e.g., `['miiocli', 'miotdevice', '--ip', user_ip, ...]`) instead of a single shell string, to prevent shell injection. 3. Implement a whitelist or strict regex validation for all parameters that will be interpolated into shell commands. | LLM | SKILL.md:49 |
| MEDIUM | **Suspicious import: socket.** Import of `socket` detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/pegasus02/xiaomi-home/scripts/token_extractor.py:11 |
| MEDIUM | **Suspicious import: requests.** Import of `requests` detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/pegasus02/xiaomi-home/scripts/token_extractor.py:20 |