govee-control
v1.0.1Script-free Govee OpenAPI setup and control guide. Use when the user wants to get a Govee API key, connect Govee, list devices, check state, or send power/br...
⭐ 0· 692·0 current·0 all-time
byColeZ@cole-z
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, required binaries (bash, curl), required env var (GOVEE_API_KEY), and all curl commands target developer-api.govee.com — these are coherent and expected for a Govee API control guide.
Instruction Scope
SKILL.md contains concrete curl commands and step-by-step guidance for obtaining, storing, and using GOVEE_API_KEY. It stays focused on device discovery/state/control and explicitly warns not to read unrelated secrets or publish keys. Instructions reference only per-user files under $HOME for storing the key, which is appropriate for this purpose.
Install Mechanism
There is no install spec and no code files. Being instruction-only means nothing is downloaded or written by an installer, minimizing risk.
Credentials
Only GOVEE_API_KEY is required and declared as the primary credential. No unrelated credentials, system config paths, or excessive env variables are requested.
Persistence & Privilege
always is false and the skill does not request persistent/privileged system presence or modify other skills' configs. Autonomous invocation is allowed by platform default but that is not unusual for an instruction-only skill.
Assessment
This skill is coherent and instruction-only, but follow basic precautions: only store GOVEE_API_KEY in a per-user secrets file (as described) and do not paste it into chats or public repos; verify network egress to https://developer-api.govee.com is intended; review any curl commands before running them (ensure device and model IDs are your own); if you allow the agent to run shell commands autonomously, restrict its permissions and confirm it cannot read other secret files — those runtime execution privileges are separate from the skill content.Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
💡 Clawdis
Binsbash, curl
EnvGOVEE_API_KEY
Primary envGOVEE_API_KEY
latest
Govee OpenAPI (No Scripts)
Control Govee devices using manual curl commands only.
Linux System Requirements
- Linux shell with
bashavailable. curlinstalled.- Internet access to
https://developer-api.govee.comandhttps://developer.govee.com. - Govee account with supported devices linked.
- Optional:
jqfor pretty-printing JSON responses.
Quick check:
bash --version | head -n 1
curl --version | head -n 1
command -v jq >/dev/null && jq --version || echo "jq not installed (optional)"
Required Credential
GOVEE_API_KEY(required)
Autonomous Use Guardrails
- Only read
GOVEE_API_KEYfrom your chosen per-user secrets file. - Do not read unrelated secret files or system credentials.
- Restrict outbound requests to:
https://developer-api.govee.comhttps://developer.govee.com
- Ask before controlling multiple devices or performing bulk changes.
Get a Govee API Key
- Open
https://developer.govee.com/. - Sign in with the same Govee account that owns your devices.
- Go to the API key section in the developer console.
- Generate/apply for a key and copy it.
- Keep it private (treat it like a password).
If the portal UI changes, use the same flow: sign in to Govee Developer → find API key management → create key.
Secure Local Storage (Per-User)
Never store API keys in skill files, git, or chat logs.
Create a per-user secrets file (avoid /root unless intentionally running as root):
mkdir -p "$HOME/.openclaw/secrets"
cat > "$HOME/.openclaw/secrets/govee.env" <<'EOF'
export GOVEE_API_KEY='<YOUR_API_KEY>'
EOF
chmod 600 "$HOME/.openclaw/secrets/govee.env"
Load only this variable into the current shell (no set -a):
source "$HOME/.openclaw/secrets/govee.env"
API Base URL
https://developer-api.govee.com/v1
Discover Devices First
Before controlling lights, list devices and copy your own device + model:
curl -sS -X GET "https://developer-api.govee.com/v1/devices" \
-H "Govee-API-Key: $GOVEE_API_KEY" \
-H "Content-Type: application/json"
View Device State
curl -sS -X GET "https://developer-api.govee.com/v1/devices/state?device=<DEVICE>&model=<MODEL>" \
-H "Govee-API-Key: $GOVEE_API_KEY" \
-H "Content-Type: application/json"
Control Commands
Turn on
curl -sS -X PUT "https://developer-api.govee.com/v1/devices/control" \
-H "Govee-API-Key: $GOVEE_API_KEY" \
-H "Content-Type: application/json" \
-d '{"device":"<DEVICE>","model":"<MODEL>","cmd":{"name":"turn","value":"on"}}'
Turn off
curl -sS -X PUT "https://developer-api.govee.com/v1/devices/control" \
-H "Govee-API-Key: $GOVEE_API_KEY" \
-H "Content-Type: application/json" \
-d '{"device":"<DEVICE>","model":"<MODEL>","cmd":{"name":"turn","value":"off"}}'
Brightness (1-100)
curl -sS -X PUT "https://developer-api.govee.com/v1/devices/control" \
-H "Govee-API-Key: $GOVEE_API_KEY" \
-H "Content-Type: application/json" \
-d '{"device":"<DEVICE>","model":"<MODEL>","cmd":{"name":"brightness","value":75}}'
RGB color
curl -sS -X PUT "https://developer-api.govee.com/v1/devices/control" \
-H "Govee-API-Key: $GOVEE_API_KEY" \
-H "Content-Type: application/json" \
-d '{"device":"<DEVICE>","model":"<MODEL>","cmd":{"name":"color","value":{"r":120,"g":180,"b":255}}}'
Response Check
Success usually returns:
{"code":200,"message":"Success"}
If code is not 200, treat it as failure.
Troubleshooting
401/ unauthorized: key missing, expired, or invalid.429/ rate limit: slow retries.- command rejected: model does not support that command (
supportCmds). - empty device list: account has no supported linked devices.
Safety Rules
- Use placeholders in docs only (
<DEVICE>,<MODEL>,<YOUR_API_KEY>). - Do not include real keys or device IDs in published artifacts.
- Prefer one-device-at-a-time actions over bulk changes.
- Avoid pasting API keys into chat.
Comments
Loading comments...