Home Assistant

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This Home Assistant skill is purpose-aligned, but it can give an agent broad control over smart-home devices and automations without clear scoping or confirmation safeguards.

Install only if you are comfortable giving the agent control over your Home Assistant instance. Use a dedicated restricted token if possible, secure the config file, require confirmation for critical devices or automations, and be cautious with the generic 'call any service' command.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

63/63 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
High
What this means

A mistaken or compromised agent action could invoke any Home Assistant service the token allows, including scripts, automations, garage/cover controls, thermostat changes, or other physical-device actions.

Why it was flagged

The wrapper implements an arbitrary Home Assistant service caller using agent/user-provided domain, service, and JSON data, rather than limiting actions to a safer scoped set.

Skill content

call) ... domain="${1:?Usage: ha.sh call <domain> <service> [json_data]}" ... api -X POST "$HA_URL/api/services/$domain/$service" -d "$data"

Recommendation

Use an allow-list of safe entities and services, require explicit user confirmation for high-impact actions such as locks, garage doors, alarms, climate, and automations, and disable or restrict the generic service-call command unless truly needed.

ASI03: Identity and Privilege Abuse
Medium
What this means

Anyone who can read or use the token may be able to act as the Home Assistant account and control or inspect configured entities.

Why it was flagged

The skill expects a persistent Home Assistant bearer token. This is expected for the integration, but it is sensitive account authority and is not declared as a primary credential in the registry metadata.

Skill content

"token": "your-long-lived-access-token" ... export HA_TOKEN="your-long-lived-access-token"

Recommendation

Create a dedicated Home Assistant account/token with the least privileges available, store the config file with restrictive permissions, rotate the token if exposed, and make the credential requirement explicit before installation.

ASI07: Insecure Inter-Agent Communication
Low
What this means

If the webhook URL or secret is exposed, outside events could potentially trigger notifications or other agent actions.

Why it was flagged

The skill describes inbound webhook events that may trigger agent behavior. The example includes a bearer secret, but the artifacts do not show validation logic or limits on what webhook-triggered actions can do.

Skill content

url: "https://your-clawdbot-url/webhook/home-assistant" ... Authorization: "Bearer {{ webhook_secret }}" ... Clawdbot receives the webhook and can notify you or take action based on the event.

Recommendation

Use HTTPS, a unique high-entropy webhook secret, validate the Authorization header on receipt, and restrict webhook-triggered flows to low-risk actions unless the user approves escalation.