Homeassistant

Security checks across malware telemetry and agentic risk

Overview

This Home Assistant skill has a coherent smart-home purpose, but it asks users to supply a long-lived token and control physical devices without enough safeguards, and it bundles no executable that could be verified.

Review before installing. Verify exactly which ha-cli executable will run before entering a Home Assistant token, use a least-privileged token or account if possible, protect or avoid the saved config.json, and require manual confirmation for locks, scripts, scenes, covers, and other actions that affect the home.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 89%
Finding
The README explicitly advertises automatic saving of credentials to config.json but does not warn that the Home Assistant long-lived token is sensitive, persistent, and may be exposed through weak file permissions, backups, shell history, or accidental commits. In the context of a home automation CLI, such a token can enable broad control over devices and household state, making undocumented credential persistence a real security weakness.

Missing User Warnings

Medium
Confidence: 91%
Finding
The setup instructions tell users to obtain and supply a long-lived access token but provide no warning about protecting it during entry or after storage. Because the token likely grants ongoing API access to Home Assistant, disclosure could let an attacker monitor or control connected devices, and the risk is heightened here because this skill targets home infrastructure rather than low-value demo data.

Missing User Warnings

Medium
Confidence: 92%
Finding
The documentation clearly enables real-world actions against physical devices, including locks, covers, scenes, and scripts, but does not prominently warn users that commands may trigger immediate physical effects. This increases the risk of unsafe or unintended actions, especially in agent-driven contexts where a user may not realize that a natural-language request could unlock doors or activate automations.

VirusTotal

66/66 vendors flagged this skill as clean.
