Home Assistant
Warn
Audited by ClawScan on May 10, 2026.
Overview
This is a transparent Home Assistant integration, but it gives the agent broad ability to change smart-home device states and trigger automations using a long-lived token, so it should be reviewed and tightly scoped before use.
Install this only if you want Clawbot to control your Home Assistant instance. Before enabling it, create a dedicated token/account if possible, limit which devices and services the agent may use, protect the token file, and require confirmation for actions that affect safety or security such as garage doors, covers, locks, alarms, climate, scripts, and automations.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or over-broad agent action could turn devices on/off, change climate settings, open covers such as a garage, or trigger automations affecting multiple devices.
The wrapper exposes an arbitrary Home Assistant service-call path. Combined with documented commands for automations, scripts, climate, scenes, and device control, this gives broad mutation authority without built-in scoping or confirmation.
call)
# Call any service: ha.sh call <domain> <service> [json_data]
...
api -X POST "$HA_URL/api/services/$domain/$service" -d "$data"
Use a dedicated Home Assistant account/token with the least access possible, restrict which entities/services the agent may use, and require explicit user confirmation for sensitive actions such as doors, covers, alarms, climate, locks, scripts, and automations.
Anyone or any process that obtains the token may be able to control the Home Assistant instance with that token's privileges.
The skill requires a persistent Home Assistant bearer token. This is purpose-aligned, but such tokens can carry significant authority over the user's home automation environment.
Create `~/.config/home-assistant/config.json`:
{"url": "https://your-ha-instance.duckdns.org", "token": "your-long-lived-access-token"}
Store the token securely, avoid sharing the config file, rotate the token if exposed, prefer HTTPS for remote access, and use a dedicated low-privilege Home Assistant user if available.
If the webhook secret is weak, leaked, or misconfigured, external events could influence the agent or trigger unintended notifications/actions.
The skill documents inbound webhook events from Home Assistant that may cause the agent to take action. A bearer secret is shown, but allowed actions and validation boundaries are not defined in the artifacts.
url: "https://your-clawdbot-url/webhook/home-assistant" ... Authorization: "Bearer {{ webhook_secret }}" ... Clawdbot receives the webhook and can notify you or take action based on the event.
Use a strong webhook secret, restrict what webhook payloads can trigger, validate event types, and require confirmation before webhook-driven events cause sensitive device actions.
It may be harder to verify who maintains the skill or compare it against an upstream project.
The registry metadata does not identify an upstream source or homepage. This is a provenance gap, although the included script and docs are available in the artifact set and no remote install mechanism is shown.
Source: unknown
Homepage: none
Review the included files before use and prefer skills with clear provenance, maintainer identity, and update history for high-impact integrations.
