enzoldhazam

What to consider before installing: - Functionality: The skill legitimately needs your enzoldhazam.hu account credentials to list and set thermostats. Expect to provide credentials either via ENZOLDHAZAM_USER / ENZOLDHAZAM_PASS (env vars) or by using the CLI login which stores them in your OS keyring. - Metadata mismatch: The registry metadata lists no required env vars, but the README/SKILL.md and code do accept ENZOLDHAZAM_USER/ENZOLDHAZAM_PASS/ENZOLDHAZAM_SERIAL. Don't rely solely on the registry metadata — the skill will use credentials if provided. - Build/run risk: Installation requires cloning a GitHub repo and building a Go binary. Because the code runs locally, review the source (included in the skill) or run it in an isolated environment if you distrust the publisher. The included source appears to only communicate with https://www.enzoldhazam.hu and the Ax endpoint. - Keyring access: The CLI uses the system keyring to store credentials (via zalando/go-keyring). This is normal for convenience, but it means the program will call system credential APIs; if you prefer, use temporary environment variables instead of storing credentials in keychain. - Network behavior: All network calls in the code go to the stated domain (enzoldhazam.hu). There are no other external endpoints or obfuscated network calls in the provided source. - Operational caution: If you are uneasy about an agent invoking the CLI autonomously, consider restricting the skill's access or requiring explicit user confirmation (SKILL.md already advises confirming temperature changes). If you want extra safety, inspect the repository contents yourself before building and run the binary with least privilege or in a sandboxed environment.