Low Risk — Risk Score 25/100
Last scan: 21 hr ago
midea-cloud-control
Connect and control Midea devices through the Midea cloud with a local cached account/device config. Supports connect, list, and power toggle.
This is a legitimate Midea cloud control skill that stores user credentials in plaintext on disk — a significant but documented and disclosed security concern with no evidence of exfiltration or covert behavior.
Skill Name: midea-cloud-control
Duration: 46.3s
Engine: pi
Safe to install
Accept the skill but warn users that passwords are stored in plaintext in ~/.openclaw/midea-cloud-control/config.json. Pin midealocal to a specific version (e.g., ==6.6.0) to prevent supply-chain surprises. Add an allowed-tools declaration mapping uv/Bash/Read/Write.

Findings (3 items)

Severity: High
Finding: Plaintext password storage on disk (Credential Theft)
The connect command stores the user's Midea account password in plaintext in ~/.openclaw/midea-cloud-control/config.json. If this file is compromised (malware, unauthorized access), the attacker gains the user's Midea cloud password in cleartext.
path = save_config({
    "account": account,
    "password": password,
    "cloud_name": cloud_name,
    "devices": devices,
})
→ Either encrypt the stored credentials (e.g., using keyring or a symmetric key from environment), or use token-based auth. If plaintext storage is unavoidable, warn users prominently and advise using a dedicated Midea account.
Location: references/generated-midea-skill-cli.md:65
Severity: Medium
Finding: Unpinned midealocal dependency version (Supply Chain)
The generated midea_skill_cli.py imports 'from midealocal.cloud import MideaCloud, get_midea_cloud' without a version constraint. api-notes.md references midea-local==6.6.0, but this is not enforced. A future malicious or buggy release could alter behavior.
from midealocal.cloud import MideaCloud, get_midea_cloud
→ Add a requirements.txt or pin the version in the uv run command: 'uv run --with midea-local==6.6.0 python ...'
Location: references/generated-midea-skill-cli.md:9
Severity: Low
Finding: Missing allowed-tools declaration (Doc Mismatch)
The SKILL.md does not include an allowed-tools declaration mapping to the capability model. While the workflow is documented in prose, the formal mapping (Bash→shell:WRITE, Read→filesystem:READ, Write→filesystem:WRITE) is absent.
No allowed-tools section present
→ Add an allowed-tools declaration per the capability model: 'allowed-tools: Bash, Read, Write'
Location: SKILL.md:1
Resource Declared Inferred Status Evidence
Filesystem WRITE WRITE ✓ Aligned SKILL.md bootstrap step writes config_store.py and midea_skill_cli.py; generated…
Shell WRITE WRITE ✓ Aligned SKILL.md executes 'uv run python skills_runtime/midea-cloud-control/midea_skill_…
Network READ READ ✓ Aligned generated-midea-skill-cli.py uses aiohttp to call Midea cloud APIs (login, list,…
Environment NONE NONE No environment variable access found
Skill Invoke NONE NONE No nested skill invocation
Clipboard NONE NONE No clipboard access
Browser NONE NONE No browser access
Database NONE NONE No database access

File Tree

4 files · 11.7 KB · 346 lines
Markdown 4f · 346L
├─ 📁 references
│ ├─ 📝 api-notes.md Markdown 21L · 878 B
│ ├─ 📝 generated-config-store.md Markdown 30L · 866 B
│ └─ 📝 generated-midea-skill-cli.md Markdown 186L · 6.0 KB
└─ 📝 SKILL.md Markdown 109L · 4.0 KB

Dependencies (2 items)

Package Version Source Known Vulns Notes
midealocal unpinned pip No api-notes.md references 6.6.0 but the generated CLI does not enforce a version pin. A future release could alter behavior.
aiohttp unpinned pip No Used for HTTP client; no version constraint

Security Positives

✓ No base64-encoded execution, obfuscation, or anti-analysis techniques detected
✓ No network requests to unexpected/external IPs — all API calls go to Midea cloud infrastructure
✓ No credential exfiltration — passwords are stored locally only for Midea API authentication
✓ No reverse shell, C2, or covert data transfer mechanisms
✓ Documentation is thorough and explicitly discloses credential storage location and behavior
✓ No hidden HTML comments, embedded scripts, or shadow functionality
✓ The skill is a pure-text publishable skill with no binary artifacts