Home Assistant Assist

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about controlling Home Assistant, but it gives an agent broad fire-and-forget control over real smart-home devices without clear safeguards for sensitive actions.

Install only if you are comfortable allowing OpenClaw to send commands that may operate real devices in your home. Use a dedicated least-privilege Home Assistant token if possible, restrict which entities Assist can control, prefer HTTPS for HASS_SERVER, keep the token out of chats and logs, and require manual confirmation for locks, doors, alarms, covers, climate controls, appliances, or other safety-sensitive actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 93%
Finding
The README encourages direct natural-language control of real smart-home devices, including security- and safety-relevant actions such as closing garage doors and checking lock state, but does not warn users that commands can cause immediate real-world effects or advise confirmation for sensitive actions. In an agent setting, ambiguous, misheard, injected, or contextually manipulated prompts could lead to unintended device operations affecting physical security, privacy, or safety.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill instructs operators to send arbitrary user natural-language commands to a remote Home Assistant instance using a bearer token, but it does not warn that this is a network transmission of user input that can trigger real-world actions on connected devices. In a smart-home context, missing disclosure and safety framing is meaningful because commands may unlock doors, open covers, disable alarms, or control appliances.

Natural-Language Policy Violations

Medium
Confidence: 80%
Finding
The skill hard-codes the conversation language to English, which can cause misinterpretation of user commands when the user's locale differs from English. In this context, incorrect NLU parsing can lead to unintended smart-home actions or failure to execute the intended one, which is more dangerous than a typical localization bug because it affects physical devices.

VirusTotal

66/66 vendors flagged this skill as clean.
