Back to skill

Security audit

Home Assistant

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its Home Assistant purpose, but it asks users to paste an OAuth callback URL containing authorization data into chat, so it should be reviewed before installation.

Install only if you are comfortable granting the agent Home Assistant control through Selora Connect. Prefer same-machine OAuth completion where the browser redirect reaches OpenClaw directly. Do not paste full OAuth callback URLs, codes, tokens, or similar login parameters into chat unless the publisher replaces this fallback with a safer out-of-band flow or provides clear redaction guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs users to paste the full OAuth callback URL, including `code` and `state`, back into the agent conversation. Authorization codes are sensitive, and exposing them in chat can allow interception, replay, logging, or unintended retention in agent/provider systems; in this context the agent may then act on behalf of the user's Home Assistant account.

Ssd 3

High
Confidence
99% confidence
Finding
This fallback explicitly asks the user to provide OAuth authorization parameters back through the agent channel, which is an unsafe credential-handling pattern. Even short-lived codes are bearer-like during the exchange window and may be stored in logs, transcripts, or third-party infrastructure, enabling account linkage or token issuance if mishandled.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.