ClawHub

Home Assistant CLI

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate Home Assistant CLI helper, but it should be treated as powerful because it uses a long-lived smart-home token and can control real devices.

Install this only if you want OpenClaw to help operate your Home Assistant instance. Use a restricted Home Assistant account if possible, keep HASS_TOKEN out of logs, screenshots, shell history, and version-controlled dotfiles, and require explicit confirmation before commands that affect alarms, locks, covers, climate, appliances, or security-related automations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README instructs users to place a long-lived Home Assistant token directly into a persistent shell startup file, which can expose the credential through dotfile backups, shared repos, shell-history-adjacent workflows, local multi-user access, and accidental disclosure during support/debugging. Because this token grants direct API access to home automation controls, compromise could let an attacker monitor or control devices and query history.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs users to store a long-lived Home Assistant access token in an environment variable and shell config, but it does not warn that this credential grants broad control over the smart home and may be exposed through shell history, process environments, shared terminals, backups, or accidentally committed dotfiles. In this context, compromise of the token could allow unauthorized device control and access to home state data.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The documented event watch and state history commands can reveal sensitive behavioral information such as occupancy patterns, routines, and device activity, yet the skill presents them as routine examples without any privacy warning. While these commands are expected features of Home Assistant, the absence of caution increases the chance that users will expose or overshare sensitive household telemetry.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The examples demonstrate direct Home Assistant service calls that can unlock/alter the physical environment, affect security posture, and trigger automations without any warning that these commands have real-world effects. In a skill intended to control a live home-automation system, copy-pasteable examples that arm alarms, open covers, control climate, and trigger devices can lead to unintended physical or security consequences if used blindly.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The troubleshooting guide instructs users to print the Home Assistant long-lived token with `echo $HASS_TOKEN`, which directly exposes a sensitive credential in terminal output, shell history capture, screenshots, logs, or shared sessions. In the context of Home Assistant, possession of this token can permit broad API access to the user's home automation environment.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The example `hass-cli --server ... --token YOUR_TOKEN info` normalizes passing the Home Assistant token on the command line, where it may be exposed via shell history, process listings, audit logs, and remote session recording. Because this token authenticates to Home Assistant, disclosure could enable unauthorized control or observation of connected devices and household data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal