Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Home Assistant

v1.0.1

Walks through connecting Home Assistant to an OpenClaw claw or any MCP-compatible client. Covers MCP integration options, network setup, authentication, and...

by Philippe Lafoucrière (@lafoush)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description (connect Home Assistant to an MCP client) aligns with the SKILL.md steps: network setup, creating a long‑lived HA token, and configuring MCP clients. Requiring a Home Assistant access token and pointing at an MCP endpoint is expected. However, the registry metadata claims no required env vars/credentials while SKILL.md declares a required HA_TOKEN (full API access) — an inconsistency.
Instruction Scope
The SKILL.md stays within the stated purpose: it tells the operator to verify an MCP endpoint, create a HA long‑lived token, and configure MCP clients (examples for Claude Desktop/Claude Code/mcporter). It instructs running curl for verification and using npx/mcp-remote in examples. The guidance explicitly recommends storing the token and even shows placing the token directly into client args/config; that increases the risk of token exposure (encouraging plaintext token in a config file). No instructions were found that reach beyond Home Assistant/MCP configuration, but the file is truncated so later steps could matter.
Install Mechanism
This is an instruction-only skill with no install spec or code files (low installer risk). Example commands use npx (which will fetch an npm package at runtime) and reference external integrations (Selora AI, mcporter) — those are expected but mean the operator will download third‑party packages; the skill itself does not embed installers.
Credentials
The SKILL.md declares a required credential: a Home Assistant long‑lived access token with full API scope — that is proportionate for connecting an MCP client. The concern is that the registry metadata does not list any required environment variables/credentials (contradiction). Also several examples encourage pasting the token into configuration/args which increases the chance of accidental leakage; the doc does recommend best practices but the examples still show insecure patterns for some clients (e.g., embedding the token in Claude Desktop args).
Persistence & Privilege
The skill does not request persistent/always inclusion (always: false) and does not declare modifications to other skills or system settings. Nothing in the SKILL.md asks the agent to change agent-wide configuration beyond adding an MCP server to clients, which is within scope.
What to consider before installing
This skill appears to do what it says (connect Home Assistant to MCP clients) and legitimately needs a long‑lived Home Assistant token, but exercise caution before installing or following instructions. Key points to consider:

- Verify origin and code: the registry entry has no homepage or source; ask the publisher for the integration/source code (especially for the Selora AI integration) and review it before installing on a home system.
- Metadata mismatch: SKILL.md requires a HA_TOKEN but the registry metadata lists no required credentials; ask the publisher to correct this and confirm how credentials are handled.
- Limit token scope: create a dedicated HA user with minimal permissions for MCP access if possible. Treat long‑lived tokens as highly sensitive and rotate/delete them if exposure is suspected.
- Avoid embedding tokens in plaintext configs: the Claude Desktop example encourages pasting the token into a JSON config; prefer client support for environment variables, OS keychain, or a secrets manager. If a client forces plaintext tokens, consider that an operational risk.
- Prefer secure tunnels and HTTPS (do not expose HA over plain HTTP to the internet). Follow the doc's own caution about --allow-http.
- Audit third‑party components: examples use npx mcp-remote and point to SeloraBox/Selora AI and mcporter; review those packages/repos before executing network installs or running the bridge on your machine.

If you cannot verify the source, repository, or the Selora integration's code and trustworthiness, do not proceed with exposing a full‑access HA token to external clients.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dc46rfv4aad9ca9nv5x0jg9844yxt
