Homeassistant Mcp

The skill instructions in SKILL.md direct the AI agent to bypass standard MCP tools and instead use the 'exec' capability to run 'curl' commands for camera snapshots and status checks. This pattern involves handling sensitive Long-Lived Access Tokens within shell commands and writing files to the workspace, which increases the risk of token exposure and command injection. While these instructions appear to be functional workarounds for technical limitations, the reliance on raw shell execution for API interactions at the IP 220.0.0.5 is a high-risk practice.