xiaomi-cam-snapshot

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and instructions that embed the camera password verbatim in command-line arguments and shell config (e.g., --password YOUR_PASSWORD, export MILOCO_PASSWORD="你的六位密码", or echoing it into ~/.zshrc), which requires the agent to handle and potentially output secret values directly, creating an exfiltration risk.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These URLs point to a third‑party GitHub repo and a localhost web UI that is bootstrapped by running an untrusted Docker image from ghcr.io (user tiancheng91); while GitHub/localhost themselves are normal, running a community container that asks for Xiaomi credentials and listens on localhost can execute arbitrary code, access cameras and secrets, and therefore poses a significant security/privacy risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's setup instructs the user to run a Docker image pulled at runtime from ghcr.io/tiancheng91/miloco-backend:dev (docker run ...), which fetches and executes remote code and is required for the skill to function.