Oathe Security Badge

Is airoom-ai/smarthome safe?

https://clawhub.ai/airoom-ai/smarthome

87
SAFE

This appears to be a legitimate smart home control skill for Home Assistant and Tuya Smart integration. The skill contains executable Python code and handles authentication credentials, which presents inherent security risks, but the functionality appears genuine and appropriate for its stated purpose.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 80/100 · 25%
Code Execution 75/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (3)

HIGH Executable Python script with network access -25

The skill contains a Python script (smart.py) that makes HTTP requests to external endpoints. While this appears to be legitimate smart home API functionality, executable code always presents security risks.

MEDIUM Credential storage and transmission -20

The script stores and transmits authentication tokens for Home Assistant and Tuya Smart APIs. This is necessary for functionality but creates potential attack surface if compromised.

LOW User-configurable network endpoints -10

The script allows users to configure arbitrary endpoints for Home Assistant, which could potentially be abused if misconfigured to point to malicious servers.