ClawAudit verdict
xiaoai-bridge
Receives external input AND executes processes
Mi Xiaoai smart speaker voice bridge that polls the user's own Xiaomi account for voice messages and routes them to the user's AI assistant; uses user-supplied Mi credentials and only sends TTS responses back to the user's own device.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
What it does
These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence — it does not verify that one flows into another. Read the code to confirm a live chain.
Receives external input AND executes processes — the shape of a command & control channel
LLM05 · LLM06 · ASI10
Installs packages AND executes processes — opaque dependency chain with execution
LLM03 · ASI04
Permission integrity
package_install
Findings (6)
Possible hardcoded credential
references/migpt-api.md · code · Token: "你的passToken
Uses exec() — may execute shell commands
SKILL.md · code · exec(
References child_process — can spawn system processes
SKILL.md · code · child_process
Long base64 string (100+ chars) — likely obfuscated payload
scripts/.mi.json · prose · downgraded · pwROAesIuzMBPe5slLSsQlxaobuyZH0R3IgkV3uUgKwmaQ813TVZQtlyHOUwVXYws7jW/RyrdYuZTvyh
Popular HTTP library — network access
scripts/package-lock.json · prose · downgraded · axios
Accesses sensitive environment variables
scripts/test-fetch.js · prose · downgraded · process.env.MI_PASS_TOKEN
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class D). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
No declared permissions — minimal attack surface.
package_installnetwork_inprocess_exec Thanks — recorded.