Home Assistant Assist
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: homeassistant-assist Version: 1.1.1 The skill uses `curl` to interact with a user-configured Home Assistant API endpoint, requiring sensitive environment variables (`HASS_SERVER`, `HASS_TOKEN`) for its operation. The `SKILL.md` instructs the AI agent to insert user input directly into a JSON payload's `text` field (`'{"text": "USER REQUEST HERE", "language": "en"}'`). This creates a potential JSON injection vulnerability if the OpenClaw agent does not properly sanitize or escape the user's input before insertion, which could lead to unintended commands being processed by the Home Assistant API. While not explicitly malicious, this direct insertion of user input without sanitization guidance constitutes a significant prompt injection risk.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A misunderstood, ambiguous, or overly broad command could change physical devices such as lights, thermostats, covers, vacuums, or media players without an extra safety check.
The skill grants broad device-control authority through Home Assistant Assist and tells the agent not to add validation or confirmation before execution.
Use this skill when the user wants to control or query any smart home device... **Fire and forget** — trust Assist to handle ... execution.
Use explicit confirmation for sensitive actions, restrict allowed Home Assistant domains/entities where possible, and avoid fire-and-forget behavior for security- or safety-relevant devices.
If the token is exposed or misused, someone or another agent action could query or control the Home Assistant instance.
The skill requires a Home Assistant bearer token. This is expected for the integration, but long-lived tokens are sensitive and may carry broad Home Assistant privileges.
"HASS_TOKEN": "your-long-lived-access-token"
Store the token securely, use a dedicated Home Assistant user/token with the least practical permissions, and revoke the token when it is no longer needed.