ClawHub

Grid-Aware Energy Load Shifter

v1.0.3

Grid-aware energy load shifter for Home Assistant. Reads real-time electricity prices (TOU, time-of-use, dynamic pricing), solar production forecasts, batter...

0· 475·0 current·1 all-time
byOmer Bese@mrbese
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (grid-aware energy load shifting) match what the skill requires and does: it only needs HA_URL and HA_TOKEN, exposes discovery, summary, history, status, and controlled service calls for energy domains, and includes a single small Python bridge that uses the HA REST API.
Instruction Scope
SKILL.md instructs the agent to read HA energy entities and to call HA services limited to energy-related domains. It does not instruct broad file reads, other environment variables, or exfiltration to external endpoints. It explicitly recommends least‑privilege tokens and read‑only testing first.
Install Mechanism
No install spec; this is instruction‑only plus a single Python stdlib script (no external downloads or package installs). The included script claims zero external dependencies and uses only urllib/json/argparse from the stdlib.
Credentials
Only HA_URL and HA_TOKEN are required, which is appropriate for a Home Assistant integration. The SKILL.md and README document why these are needed and suggest scoped, dedicated tokens.
Persistence & Privilege
The skill is not marked always:true and does not request to modify other skills or system-wide settings. It runs on demand and the code does not persist additional credentials or write system-wide configuration.
Assessment
This skill appears to be what it claims: a small REST bridge to Home Assistant for energy-related discovery and limited service calls. Before installing, follow these precautions: 1) Create a dedicated Home Assistant user for this skill and generate a Long‑Lived Access Token from that account; limit that account's entity access if your HA supports entity-level permissions. 2) Start by running read-only commands (discover, energy-summary) to verify detected entities before enabling call-service. 3) Inspect the included scripts (scripts/ha_bridge.py) yourself—it uses only the HA REST API and standard Python libs, but verify there are no unexpected remote endpoints in the full file. 4) Restrict HA_URL to an internal/local address (do not point to an internet‑exposed HA instance) and place HA on a segmented network if possible. 5) Monitor Home Assistant logs for unexpected service calls and rotate/revoke the token when no longer needed.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e2h66qfdxabk0pk2cjpj5sd81qrmwlatest energy home-assistantvk978ys603jv6xpgzbrhf0zjhy581pvtxlatest energy home_asistant HAvk979zg18pt5tnmakcvv26ybyg981qres

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
EnvHA_URL, HA_TOKEN

Comments