monta-lights
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill requires the 'meross_iot' Python package. This is a widely used community library for Meross device integration.
- [DATA_EXPOSURE] (SAFE): Sensitive credentials (email and password) are managed through environment variables rather than being hardcoded in the script.
- [COMMAND_EXECUTION] (SAFE): The skill executes a local Python script with a restricted set of arguments. There is no evidence of arbitrary command injection or unsafe shell execution.
- [DATA_EXFILTRATION] (SAFE): Network activity is confined to the official Meross IoT cloud endpoint (iot.meross.com) for device management.
Audit Metadata