Netatmo
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked unintentionally, the agent could change heating temperature or mode.
These commands can change the physical thermostat state. The behavior is disclosed and aligned with the skill purpose, with some bounds documented.
netatmo set 21 # Set target temp (7-30°C, 3h manual mode) netatmo mode away # Away mode (12°C) netatmo mode hg # Frost guard (7°C)
Use thermostat-changing commands only when you explicitly want a change, and consider asking the agent to confirm before running `set` or `mode` commands.
Anyone or any process with access to those token files may be able to read Netatmo data or control devices through the same account.
The skill expects local Netatmo OAuth credentials and tokens. This is appropriate for a Netatmo integration, but it grants access to the user's Netatmo account and devices.
Credentials in `~/.config/netatmo/`:
- `credentials.json`: `{"client_id": "...", "client_secret": "..."}`
- `tokens.json`: OAuth tokens (auto-refreshed)Protect `~/.config/netatmo/`, use only appropriately scoped Netatmo credentials, and do not share token files.
The safety of actions depends partly on which `netatmo` command-line tool is installed on the user's system.
The skill depends on an external `netatmo` CLI, while the provided artifact set has no install spec or declared required binary. This is not inherently unsafe, but users must know and trust the CLI being invoked.
Control Netatmo smart home devices via `netatmo` CLI.
Install the Netatmo CLI from a trusted source and verify the binary in your PATH before using the skill.