Moltbot Home Assistant
Security checks across malware telemetry and agentic risk
Overview
This skill is a clearly disclosed Home Assistant control helper, but it should be installed only by users comfortable granting an agent smart-home control.
Before installing, verify that you trust the external moltbot-ha CLI package, use a dedicated Home Assistant token where possible, keep HA_TOKEN out of files and logs, configure allowed_entities and blocked_entities for sensitive devices, and keep confirmation enabled for locks, alarms, garage doors, covers, scripts, and automations that can affect safety.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.