Home Assistant

Security checks across malware telemetry and agentic risk

Overview

This Home Assistant setup skill is mostly coherent, but it tells users to paste a sensitive OAuth callback URL into chat during cross-device setup.

Review before installing. Use this only if you trust Selora Connect and the OpenClaw environment that will store Home Assistant OAuth tokens. Prefer completing OAuth in a browser on the same machine as OpenClaw, and avoid pasting a full callback URL into chat unless you understand it may contain temporary authorization material. Confirm any automation creation, enablement, deletion, or suggestion acceptance before allowing it to run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill explicitly instructs the user to paste the full OAuth callback URL back into the agent conversation, which can include the authorization code and state. Authorization codes are sensitive bearer-like artifacts during the exchange window, and exposing them to the agent/chat layer increases the risk of interception, logging, replay, or misuse if any component stores or forwards conversation contents.

Ssd 3

High
Confidence: 99%
Finding
As written, the fallback directs users to disclose the full redirect URL, which contains OAuth authorization parameters, into the agent conversation. That creates a direct secret-exposure path because chat transcripts, telemetry, plugins, or operators may gain access to the authorization code and state, undermining the normal boundary between the browser redirect and the local OAuth client.

VirusTotal

64/64 vendors flagged this skill as clean.
