v1.0.1

Wiz Smart Light Control

Benign
ClawScan verdict for this skill. Analyzed May 1, 2026, 5:49 AM.

Analysis

This skill appears to do what it claims—control local Wiz smart lights—with a few expected cautions around installing an unpinned Python dependency and allowing the agent to change a physical device state.

Guidance: This appears safe for its stated purpose if you want local Wiz bulb control. Before installing, be comfortable with the agent changing a physical light on your network, use the correct bulb IP address, keep disco mode durations positive and limited, and consider pinning the pywizlight dependency.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low, Confidence: High, Status: Note
wiz.py
await light.turn_on(PilotBuilder(brightness=255)) ... await light.turn_off() ... await light.turn_on(PilotBuilder(rgb=(red, green, blue), brightness=255))

The script can directly change the state of a local smart light. This is the advertised purpose, but it is still a real-world device action that should be user-directed.

User impact: The agent can turn lights on or off and change their colors if given a bulb IP address.
Recommendation: Install only if you want the agent to control these lights, and verify the bulb IP before use.
Tool Misuse and Exploitation
Severity: Low, Confidence: High, Status: Note
wiz.py
while True:
                # Check duration
                if duration > 0 and (time.time() - start_time) > duration:

Disco mode stops only when duration is greater than zero and elapsed; a zero or negative duration would keep the flashing loop running until interrupted. The default CLI duration is 10 seconds, so this is a usage caution rather than suspicious behavior.

User impact: If invoked with a non-positive duration, the light could keep cycling colors until the process is stopped.
Recommendation: Use a positive duration for disco mode and avoid running it where flashing lights could bother or affect people.
Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
SKILL.md
python3 -m venv venv && source venv/bin/activate && pip install -r requirements.txt

The setup flow installs a Python dependency from requirements.txt. That dependency is purpose-aligned, but the requirements file contains an unpinned package name, so the installed version depends on what the package index serves at setup time.

User impact: Installation depends on the current external Python package version rather than a fixed reviewed version.
Recommendation: Consider pinning pywizlight to a known-good version before installing, especially in managed or security-sensitive environments.