Smart Home Energy Saver

Pass. Audited by ClawScan on May 1, 2026.

Overview

This instruction-only skill is consistently framed as read-only energy analysis, with only minor caution needed around optional Home Assistant tokens and home device data.

This skill appears safe to install as an instruction-only, read-only helper. Before using it, provide only the minimum Home Assistant data needed, prefer exported data or a read-only token, avoid admin credentials, and manually review any generated automation YAML before enabling it.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the token is broader than read-only, the agent or anyone who obtains it could have more access to your Home Assistant instance than intended.

Why it was flagged

The skill may ask for a Home Assistant token, which is appropriate for read-only energy analysis but still grants account-linked access to home device data.

Skill content

Home Assistant instance info and read-only token (if used).

Recommendation

Use a least-privilege read-only token if possible, avoid sharing admin tokens, and revoke the token when it is no longer needed.

What this means

Unvalidated sensor-update inputs could lead to incorrect recommendations or expose home-usage patterns if configured carelessly.

Why it was flagged

The skill mentions optional webhook-style sensor updates, which are purpose-aligned but involve inbound home telemetry and should have clear sender validation and rate limits.

Skill content

Optional: sensor updates for periodic analysis. Validate device ids and data ranges before using. Rate limit processing to avoid spikes.

Recommendation

Only enable webhooks from trusted Home Assistant sources, validate identifiers and values, and keep rate limits in place.