Homeassistant Skill

Security checks across malware telemetry and agentic risk

Overview

This skill openly lets an agent read and control a Home Assistant setup, including sensitive home devices, but the artifacts are coherent, disclosed, and instruction-only.

Install only if you want an agent to access your Home Assistant instance. Use the least-privileged Home Assistant account or token available, protect HA_TOKEN like a password, revoke it when no longer needed, and require explicit confirmation before actions involving locks, alarms, garage doors, gates, security automations, presence/location, calendars, history, logbook, scripts, scenes, or broad service calls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium, 92% confidence
Finding:
The README explicitly advertises access to presence/location data and calendar information, which are highly sensitive categories of personal data, but it does not provide any privacy warning, consent expectations, or guidance on safe handling. In an agent skill context, this omission is risky because users may not realize the skill can expose occupancy patterns, routines, and upcoming events through natural-language requests.

Missing User Warnings

Medium, 89% confidence
Finding:
The skill documents person and device_tracker queries that reveal occupancy and location information, but it does not provide a clear privacy warning, consent requirement, or minimization guidance for this highly sensitive data. In a smart-home context, exposing who is home or where tracked devices are located can materially affect personal privacy and physical security.

VirusTotal

64/64 vendors flagged this skill as clean.
