Homey - Home Automation

Status: Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: homey-cli
Version: 1.0.0

The provided `_meta.json` and `SKILL.md` files describe a skill for controlling a Homey home automation hub. The `SKILL.md` clearly outlines the skill's purpose, setup, and usage, emphasizing a 'Safety Model' with 'capability-allowlisted' operations and explicitly stating that 'Destructive operations are not supported'. While the skill involves handling sensitive Homey API credentials and OAuth tokens, the instructions specify local storage in `.env` files and `~/.config/homey-cli/`, which is standard practice. There is no evidence of prompt injection attempts against the agent, data exfiltration, malicious execution, or obfuscation within the provided content. The instructions are transparent and align with the stated benign purpose.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent could change real device states or trigger automations with wider side effects than the user intended.

Why it was flagged

The skill exposes commands that mutate smart-home devices and trigger Homey flows, but the artifacts do not show a confirmation requirement, flow allowlist, device allowlist, or rollback/containment model.

Skill content
bash run.sh devices on <deviceId>
...
bash run.sh devices off <deviceId>
...
bash run.sh flows trigger <flowId>

Recommendation

Require explicit user confirmation for every write or flow trigger, restrict allowed devices/flows/capabilities, and show the exact target and expected effect before execution.

What this means

A user would be asked to run unreviewed or missing local code before granting Homey account access.

Why it was flagged

The provided manifest contains only SKILL.md and no install spec or code files, yet the instructions refer to npm dependencies and a run.sh helper. This leaves the actual CLI implementation and safety claims unverifiable from the submitted artifacts.

Skill content
cd skills/homey-cli
npm install
...
bash run.sh auth login

Recommendation

Include the referenced package files, lockfile, and run.sh in the reviewed artifact set, or remove the executable setup instructions until the implementation can be verified.

What this means

Anyone with access to the token files may be able to control or inspect the user's Homey environment.

Why it was flagged

Homey OAuth credentials and stored tokens are expected for this integration, but they provide ongoing access to the user's Homey account and devices.

Skill content
export HOMEY_CLIENT_ID="your-client-id"
export HOMEY_CLIENT_SECRET="your-client-secret"
...
Tokens are stored in `~/.config/homey-cli/`.

Recommendation

Declare the credential requirements in metadata, protect the token directory, and revoke the Homey app credentials if the skill is removed or no longer trusted.

What this means

Users may over-trust the safety label and allow actions that are broader than simple device toggles.

Why it was flagged

The skill emphasizes safety and allowlisting, but the artifacts do not show code proving the allowlist, and flow triggering is presented as available despite flows potentially causing broad side effects.

Skill content
Safe, capability-allowlisted operations only.
...
Flow Operations
...
bash run.sh flows trigger <flowId>

Recommendation

Document the exact safety boundaries, especially for flows, and avoid claiming allowlisted safety unless the reviewed implementation enforces it.