Security audit
Security checks across malware telemetry and agentic risk
The skill matches its smart-home purpose, but it gives broad AI-driven control over locks and other physical devices while under-disclosing credential, network, and persistence risks.
Review before installing. Use a dedicated least-privilege Home Assistant token if possible, protect or rotate the token, bind the MCP server strictly to localhost, avoid autonomous unlock or whole-home commands without explicit confirmation, and verify any LaunchAgent or Docker service persistence before enabling it.
echo "=========================================="
echo "Enter your Home Assistant Long-Lived Access Token:"
read -r HA_TOKEN
echo "HA_URL=http://localhost:8123" > "$SCRIPT_DIR/.env"
echo "HA_TOKEN=$HA_TOKEN" >> "$SCRIPT_DIR/.env"
echo "PORT=3002" >> "$SCRIPT_DIR/.env"
echo "✓ Created .env file"echo "=========================================="
echo "MCP Server Configuration"
echo "=========================================="
echo "Enter your Home Assistant Long-Lived Access Token:"
read -r HA_TOKEN
echo "HA_URL=http://localhost:8123" > "$SCRIPT_DIR/.env"
echo "HA_TOKEN=$HA_TOKEN" >> "$SCRIPT_DIR/.env"echo "" echo "Installing HA MCP Server as LaunchAgent..." mkdir -p "$HOME/Library/LaunchAgents" mkdir -p "$(dirname "$PLIST_SRC")" # Create user-specific plist PLIST_DST="$HOME/Library/LaunchAgents/ai.openclaw.ha-mcp.plist"
mkdir -p "$HOME/Library/LaunchAgents" mkdir -p "$(dirname "$PLIST_SRC")" # Create user-specific plist PLIST_DST="$HOME/Library/LaunchAgents/ai.openclaw.ha-mcp.plist" sed "s|/Users/nanali|$HOME|g" "$PLIST_SRC" > "$PLIST_DST" launchctl load "$PLIST_DST" 2>/dev/null || true
mkdir -p "$(dirname "$PLIST_SRC")" # Create user-specific plist PLIST_DST="$HOME/Library/LaunchAgents/ai.openclaw.ha-mcp.plist" sed "s|/Users/nanali|$HOME|g" "$PLIST_SRC" > "$PLIST_DST" launchctl load "$PLIST_DST" 2>/dev/null || true echo "✓ HA MCP Server installed as LaunchAgent"
mkdir -p "$(dirname "$PLIST_SRC")" # Create user-specific plist PLIST_DST="$HOME/Library/LaunchAgents/ai.openclaw.ha-mcp.plist" sed "s|/Users/nanali|$HOME|g" "$PLIST_SRC" > "$PLIST_DST" launchctl load "$PLIST_DST" 2>/dev/null || true echo "✓ HA MCP Server installed as LaunchAgent"
# Create user-specific plist PLIST_DST="$HOME/Library/LaunchAgents/ai.openclaw.ha-mcp.plist" sed "s|/Users/nanali|$HOME|g" "$PLIST_SRC" > "$PLIST_DST" launchctl load "$PLIST_DST" 2>/dev/null || true echo "✓ HA MCP Server installed as LaunchAgent"
# Create user-specific plist PLIST_DST="$HOME/Library/LaunchAgents/ai.openclaw.ha-mcp.plist" sed "s|/Users/nanali|$HOME|g" "$PLIST_SRC" > "$PLIST_DST" launchctl load "$PLIST_DST" 2>/dev/null || true echo "✓ HA MCP Server installed as LaunchAgent"
# Create user-specific plist PLIST_DST="$HOME/Library/LaunchAgents/ai.openclaw.ha-mcp.plist" sed "s|/Users/nanali|$HOME|g" "$PLIST_SRC" > "$PLIST_DST" launchctl load "$PLIST_DST" 2>/dev/null || true echo "✓ HA MCP Server installed as LaunchAgent" echo ""
# Create user-specific plist PLIST_DST="$HOME/Library/LaunchAgents/ai.openclaw.ha-mcp.plist" sed "s|/Users/nanali|$HOME|g" "$PLIST_SRC" > "$PLIST_DST" launchctl load "$PLIST_DST" 2>/dev/null || true echo "✓ HA MCP Server installed as LaunchAgent" echo ""
65/65 vendors flagged this skill as clean.
Detected: suspicious.env_credential_access