govee-control
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent instruction-only Govee control guide; the main thing to handle carefully is the Govee API key because the documented commands can change device state.
Before installing, be comfortable that this guide will help your agent use a Govee API key and manual curl commands to list and control your Govee devices. Keep the API key private, store it only in the recommended per-user secrets file, and review any command that changes device state before running it.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user runs the wrong command or uses the wrong device/model values, they could unintentionally turn devices on or off or change brightness/color.
The guide includes manual curl commands that change the state of Govee devices. This is expected for a Govee control skill, but it is still a real device-control capability.
curl -sS -X PUT "https://developer-api.govee.com/v1/devices/control" ... "cmd":{"name":"turn","value":"on"}Verify the device and model values before running control commands, and keep the documented one-device-at-a-time approach unless the user explicitly approves bulk actions.
Someone with access to the API key may be able to query or control supported Govee devices on the account.
The skill requires and stores a Govee API key, which authorizes access to the user’s Govee account/devices. The storage guidance is scoped and protective, but the credential remains sensitive.
Required Credential - `GOVEE_API_KEY` ... cat > "$HOME/.openclaw/secrets/govee.env" ... chmod 600 "$HOME/.openclaw/secrets/govee.env"
Store the key only in the protected per-user file, avoid pasting it into chat or logs, and rotate the key if it is exposed.