ClawHub

Smart Home Energy Saver

v1.0.0

Analyze home energy usage and propose safe, read-only automation plans for savings. Use when a user wants Home Assistant energy insights, optimization ideas, or draft automation YAML without directly controlling devices.

2· 1.1k·4 current·4 all-time
by@codedao12
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (energy analysis + draft automation YAML) match the runtime instructions and reference files. Suggested use of Home Assistant REST/WebSocket read-only access and exported sensor data is appropriate for the stated goal.
Instruction Scope
SKILL.md and references focus on read-only analysis, draft automations, safety constraints, and manual rollout. There are no instructions to read unrelated system files or to modify devices. Webhooks/periodic sensor updates are optional and within scope.
Install Mechanism
Instruction-only skill with no install spec or code files — lowest installation risk. Nothing is downloaded or written by an installer.
Credentials
The documentation expects read-only Home Assistant tokens and advises storing them in environment variables, which is reasonable. However, the registry metadata declares no required env vars or primary credential — this mismatch should be clarified. Ensure only read-only tokens are provided (no admin credentials) and consider using exported data instead of live tokens.
Persistence & Privilege
Does not request persistent presence (always:false) and does not modify other skill/system configs. Autonomous invocation by the agent is enabled by platform default (not a red flag by itself).
What to consider before installing
This skill appears to do what it says (read-only energy analysis and draft automations), but proceed cautiously: 1) The publisher/source is unknown — prefer skills with clear provenance. 2) Do not provide admin tokens; if you must provide a Home Assistant token, create and test a read-only token with the minimal scope needed, or supply exported sensor data instead. 3) Review any generated automation YAML carefully before applying it to your system (the skill explicitly says it will not apply changes). 4) Confirm how webhooks/periodic updates would be configured so the skill cannot be tricked into receiving or sending unexpected data. 5) Ask the publisher to update registry metadata to declare the expected environment variable (token) so the requirements are explicit. If you need higher assurance, request the skill author/source, or run the workflow manually using exported data rather than giving live credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e1zjyx8x8v9rfc4rwbhfrnh80va15

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments