Anova Oven
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: anova-skill
Version: 0.1.0

The skill is designed to control Anova smart devices via their official WebSocket API. It requires a personal access token, which is stored locally in `~/.config/anova/token` and used to authenticate with `wss://devices.anovaculinary.io`. The Python script `scripts/anova.py` accesses only this token file and communicates solely with the legitimate Anova API. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts in the documentation (`SKILL.md`, `AGENTS.md`, `README.md`) that would lead to unauthorized actions or data access.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could remotely turn on or continue running a real oven/cooker if a request is misinterpreted, lacks a duration, or targets the wrong default device.
The visible code can issue an automatic oven-start command, and it only adds a timer when a duration is supplied. For a physical heating appliance, this needs stronger confirmation and fail-closed safety bounds.
"userActionRequired": False ... "stageTransitionType": "automatic" ... elif duration: cook_stage["timer"] = {"initial": duration * 60} ... "command": "CMD_APO_START"
Require explicit user confirmation before any start command, require device selection when multiple devices exist, enforce safe temperature and duration limits, and reject cook/preheat commands without a timer or probe endpoint.
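One way to put those fail-closed checks in front of the start command, as an added example rather than the skill's own code. The names `command`, `CMD_APO_START`, `stageTransitionType`, `userActionRequired` and the `timer` dict are the fragments quoted above; the `StartRequest` shape, the `temperature` and `probe` fields, the payload layout, the numeric limits and the `UnsafeCookRequest` error are assumptions made for this illustration.

```python
from dataclasses import dataclass
from typing import Optional, Sequence

# Assumed safety bounds for a countertop oven (Celsius, minutes); not from the skill.
MIN_TEMP_C = 25.0
MAX_TEMP_C = 250.0
MAX_PROBE_C = 100.0
MAX_DURATION_MIN = 12 * 60


class UnsafeCookRequest(ValueError):
    """Raised when a start request fails a fail-closed safety check."""


@dataclass
class StartRequest:
    """What the agent asks for; shape assumed for this example."""
    temperature_c: float
    duration_min: Optional[int] = None       # timer endpoint
    probe_target_c: Optional[float] = None   # probe endpoint
    device_id: Optional[str] = None          # None = rely on a default device
    user_confirmed: bool = False             # set only after an explicit user yes


def build_start_command(req: StartRequest, known_devices: Sequence[str]) -> dict:
    """Return a CMD_APO_START message, or raise UnsafeCookRequest.

    Every check refuses rather than substituting a default: no confirmation,
    an ambiguous device, an out-of-range setpoint, or a cook with no endpoint
    (neither timer nor probe) all stop the command before it is sent.
    """
    if not req.user_confirmed:
        raise UnsafeCookRequest("explicit user confirmation required before starting")
    if not known_devices:
        raise UnsafeCookRequest("no paired device")
    if req.device_id is None:
        if len(known_devices) > 1:
            raise UnsafeCookRequest("several devices paired; the target must be named")
        device_id = known_devices[0]
    elif req.device_id in known_devices:
        device_id = req.device_id
    else:
        raise UnsafeCookRequest(f"unknown device {req.device_id!r}")
    if not MIN_TEMP_C <= req.temperature_c <= MAX_TEMP_C:
        raise UnsafeCookRequest(f"setpoint {req.temperature_c} C outside {MIN_TEMP_C}-{MAX_TEMP_C} C")
    if req.duration_min is None and req.probe_target_c is None:
        raise UnsafeCookRequest("a timer or a probe target is required; open-ended cooks are refused")
    if req.duration_min is not None and not 0 < req.duration_min <= MAX_DURATION_MIN:
        raise UnsafeCookRequest(f"duration {req.duration_min} min outside 1-{MAX_DURATION_MIN} min")
    if req.probe_target_c is not None and not 0 < req.probe_target_c <= MAX_PROBE_C:
        raise UnsafeCookRequest(f"probe target {req.probe_target_c} C outside 1-{MAX_PROBE_C} C")

    # "stageTransitionType", "userActionRequired", "timer" and "command" are the
    # fragments the audit quotes; "temperature", "probe" and the payload layout are assumed.
    cook_stage = {
        "stageTransitionType": "automatic",
        "userActionRequired": False,
        "temperature": {"celsius": req.temperature_c},
    }
    if req.duration_min is not None:
        cook_stage["timer"] = {"initial": req.duration_min * 60}
    if req.probe_target_c is not None:
        cook_stage["probe"] = {"celsius": req.probe_target_c}
    return {"command": "CMD_APO_START", "payload": {"id": device_id, "stages": [cook_stage]}}


def rejection_reason(req: StartRequest, known_devices: Sequence[str]) -> Optional[str]:
    """The refusal message for a request, or None if it would be sent."""
    try:
        build_start_command(req, known_devices)
    except UnsafeCookRequest as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    devices = ["oven-kitchen", "oven-garage"]  # constructed, not real device ids
    ok = StartRequest(180, duration_min=25, device_id="oven-kitchen", user_confirmed=True)
    print(build_start_command(ok, devices))
    for bad in (
        StartRequest(180, duration_min=25, device_id="oven-kitchen"),      # no confirmation
        StartRequest(180, duration_min=25, user_confirmed=True),           # ambiguous device
        StartRequest(180, device_id="oven-kitchen", user_confirmed=True),  # no endpoint
    ):
        print("refused:", rejection_reason(bad, devices))
```

The point of the structure is that the only path to a `CMD_APO_START` dict runs through every check; there is no branch that fills in a default device, a default duration, or an implied confirmation. With a single paired device the device may be omitted, but a missing endpoint or a missing confirmation is still refused.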
Anyone or any process that obtains the token may be able to access or control the user's Anova devices.
The skill requires a persistent Anova account token that can access and control paired devices. This is purpose-aligned, but it is sensitive and not declared in the registry credential fields.
**Personal Access Token** from Anova app ... Create token ... Store in `~/.config/anova/token`
Store the token with restrictive permissions, revoke it if no longer needed, and ensure the registry metadata clearly declares the required credential and config path.
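A concrete form of the "restrictive permissions" advice, added here as an example and not part of the skill: create the token file owner-only from the start, and refuse to use a file that is a symlink, owned by someone else, or readable by group or others. Only the path `~/.config/anova/token` comes from the audit; the function names, the error type and the `self_check` harness (which works in a throwaway directory with a constructed, non-real token) are this example's own.

```python
import os
import stat
import tempfile
from pathlib import Path
from typing import Optional

TOKEN_PATH = Path("~/.config/anova/token").expanduser()  # path from the audit
SHARED_BITS = stat.S_IRWXG | stat.S_IRWXO                # any group/other permission bit


class TokenFileError(RuntimeError):
    """Raised when the token file is missing, shared, or otherwise unsafe to use."""


def write_token(path: Path, token: str) -> None:
    """Create the token file 0600 from the first byte, so it is never briefly world-readable."""
    path.parent.mkdir(parents=True, exist_ok=True)
    os.chmod(path.parent, 0o700)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(token.strip() + "\n")
    os.chmod(path, 0o600)  # the file may have pre-existed with wider permissions


def read_token(path: Path = TOKEN_PATH) -> str:
    """Return the token, failing closed on anything but an owner-only regular file.

    The checks run on the already-open descriptor (fstat, not stat), so the
    file that is inspected is the file that is read.
    """
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0) | getattr(os, "O_CLOEXEC", 0)
    try:
        fd = os.open(path, flags)
    except FileNotFoundError:
        raise TokenFileError(f"{path}: not found") from None
    except OSError as exc:  # ELOOP when O_NOFOLLOW meets a symlink, EACCES, ...
        raise TokenFileError(f"{path}: cannot open ({exc.strerror})") from None
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise TokenFileError(f"{path}: not a regular file")
        if st.st_uid != os.getuid():
            raise TokenFileError(f"{path}: owned by uid {st.st_uid}, not the current user")
        if st.st_mode & SHARED_BITS:
            raise TokenFileError(
                f"{path}: mode {stat.S_IMODE(st.st_mode):04o} is group/world accessible; run chmod 600"
            )
        token = os.read(fd, 4096).decode("utf-8").strip()
    finally:
        os.close(fd)
    if not token:
        raise TokenFileError(f"{path}: empty")
    return token


def token_problem(path: Path = TOKEN_PATH) -> Optional[str]:
    """The refusal message for a token file, or None if it is safe to use."""
    try:
        read_token(path)
    except TokenFileError as exc:
        return str(exc)
    return None


def self_check() -> dict:
    """Exercise the accept and reject paths in a temporary directory (constructed input)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "token"
        write_token(path, "example-token-not-real")
        strict_ok = read_token(path) == "example-token-not-real"
        os.chmod(path, 0o640)  # simulate a file copied in with group read
        group_rejected = token_problem(path) is not None
        os.chmod(path, 0o644)  # world-readable
        world_rejected = token_problem(path) is not None
        link = Path(tmp) / "link"
        os.symlink(path, link)
        symlink_rejected = token_problem(link) is not None
        return {
            "strict_ok": strict_ok,
            "group_rejected": group_rejected,
            "world_rejected": world_rejected,
            "symlink_rejected": symlink_rejected,
        }


if __name__ == "__main__":
    print(self_check())
```

Refusing rather than silently fixing permissions is deliberate: a token that was world-readable may already have been copied, and the user should revoke it in the Anova app rather than keep using it.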
A future dependency version could change behavior or introduce vulnerabilities.
The skill depends on a third-party Python package with only a lower-bound version constraint. This is common and purpose-aligned, but future releases of the dependency are not constrained, so a fresh install can pull in code that was never reviewed.
websockets>=10.0
Pin dependency versions or provide a lockfile/hashes for reproducible installation.
