Philips Hue
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: philips-hue
Version: 1.0.1

The `hue.sh` script contains a critical Python code injection vulnerability. User-supplied hex color values are directly interpolated into a `python3` script within the `hex_to_hsb` function without proper sanitization. This allows an attacker to inject and execute arbitrary Python code on the host system, leading to Remote Code Execution (RCE). While the skill's stated purpose is benign, this severe input sanitization flaw makes it suspicious due to the potential for exploitation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who gets the .env file and can reach the bridge may be able to control the user's Hue lights.
The skill relies on a Hue API key/username for bridge access. This is expected for Hue control, but the credential gives control over lights and should be protected.
    USERNAME=your_api_key # Obtained after pairing
Keep .env private, do not paste the Hue API key into shared files or prompts, and revoke/regenerate the Hue username if it may have leaked.

An invocation can turn lights on or off or change brightness/color.
The script sends state-changing API requests to Hue lights. This is the intended function, but it can visibly change the user's physical environment.
    call_api "/lights/$ID/state" "$STATE"
Use the skill only for intended lighting actions, and review agent-initiated uses if you do not want autonomous light changes.

If an attacker can modify the skill's .env file, they could cause local commands to run under the user's account when the script is invoked.
The script sources .env as shell code rather than parsing it as data. This is a common pattern for shell configuration, but a tampered .env could execute commands when the skill runs.
    if [ -f "$CONFIG_FILE" ]; then
        . "$CONFIG_FILE"
    fi
Only place simple BRIDGE_IP and USERNAME assignments in .env, keep the skill directory writable only by trusted users, and avoid copying untrusted .env content.

Future agent sessions may see and rely on the saved command reminder.
The documentation suggests adding persistent workspace guidance. It does not ask the user to store secrets there, but persistent tool notes can affect future agent behavior.
    "add a reminder of these commands in your `TOOLS.md` file at the root of your workspace"
If adding a TOOLS.md reminder, keep it minimal and never include the Hue API key or other secrets.
