Back to skill
Skillv1.0.0
VirusTotal security
smarthome · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 29, 2026, 5:40 AM
- Hash
- 8897395dcb75fac4935438925abe9217cf24daf3baa42037336b26d42a00061a
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: smarthome Version: 1.0.0 The skill provides a legitimate utility for controlling Home Assistant and Tuya smart home devices. It manages credentials by storing them in a local configuration file (~/.config/universal-smarthome/config.json) and communicates only with user-defined endpoints or official Tuya APIs. The Python script (scripts/smart.py) implements standard HMAC-SHA256 signing for Tuya and REST API calls for Home Assistant without any evidence of data exfiltration, unauthorized remote execution, or malicious prompt injection.
- External report
- View on VirusTotal