Back to skill

Security audit

Homeassistant N8n Agent

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it gives an agent broad smart-home and calendar workflow authority through raw curl commands without clear safety or privacy guardrails.

Review before installing. Use it only with an n8n workflow you control and trust, add explicit confirmation for action requests, restrict allowed devices and actions in n8n, and construct the POST body safely instead of pasting user text into raw shell JSON. Assume home activity and calendar prompts may be stored in n8n execution logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly enables POST requests that can change Home Assistant device state, but it does not warn users that natural-language requests may trigger real-world actions such as turning devices on or off or changing thermostat settings. In an automation context, missing this warning increases the chance of unsafe or unintended physical actions being initiated through the skill.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill sends user prompts, household device queries, historical activity, and calendar-related requests to an n8n webhook, but it does not disclose that this data leaves the agent context and is transmitted to another service. This creates a privacy and data-handling risk because sensitive household behavior and scheduling information may be exposed, logged, or retained by the receiving workflow.

External Transmission

Medium
Category
Data Exfiltration
Content
This skill bridges OpenClaw with your n8n instance for Home Assistant automation.

# How it works
Uses curl to trigger a n8n workflow for all things related to IoT.  All requests should be a POST formatted as follows: curl -X POST http://localhost:5678/webhook/05f3f217-08b9-42de-a84a-e13f135bde73 -H "Content-Type: application/json" -d '{"chatInput": "USERS QUESTION/REQUEST", "requestType": "DETERMINED REQUEST TYPE", "sessionId":"openclaw"}'

# Steps
Determine the nature of a user's prompt.
Confidence
86% confidence
Finding
curl to trigger a n8n workflow for all things related to IoT. All requests should be a POST formatted as follows: curl -X POST http://localhost:5678/webhook/05f3f217-08b9-42de-a84a-e13f135bde73 -H "C

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.