Grid-Aware Energy Load Shifter

Security checks across malware telemetry and agentic risk

Overview

This skill is disclosed and purpose-aligned, but it needs review because it can control real Home Assistant devices using broad service calls.

Install only if you want an agent to read Home Assistant energy data and potentially control real devices. Use a dedicated Home Assistant account/token limited to approved energy entities, start with read-only commands, and require manual approval before any call-service action, especially for HVAC, water heaters, batteries, EV chargers, scripts, or automations.
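One way to enforce the guidance above (start read-only, allowlist approved energy entities, require manual approval before any call-service) is a policy gate that sits between the agent and the Home Assistant REST API and decides each call before it is sent. The block below is an added example written for this page, not code from the skill or from Home Assistant. It assumes the agent's calls can be intercepted as method, path and JSON body against the standard endpoints (`GET /api/states/<entity_id>`, `GET /api/history/period/...`, `POST /api/services/<domain>/<service>`), that a human approval step records a digest of the exact call it approved, and that the `Policy`/`Request` types, the domain lists and the entity names are constructed for illustration.

```python
"""Allowlist-and-approval gate in front of an agent's Home Assistant REST calls.

Added example, not code from the skill or from Home Assistant. Assumes the
standard REST endpoints named in the lead-in; entity names are constructed.
"""
from __future__ import annotations

import hashlib
import json
import re
from dataclasses import dataclass
from typing import Any, Optional


@dataclass(frozen=True)
class Policy:  # hypothetical policy object for illustration
    allowed_entities: frozenset[str]
    read_only: bool = True  # start here; flip only after the skill has been reviewed
    # domains the agent may actuate once read_only is off and the call is approved
    write_domains: frozenset[str] = frozenset({"switch", "climate", "water_heater", "number"})
    # domains that fan out to arbitrary actions; never callable by the agent
    blocked_domains: frozenset[str] = frozenset({"script", "automation", "homeassistant", "shell_command"})


@dataclass(frozen=True)
class Request:  # one intercepted call: method, path, JSON service data
    method: str
    path: str
    body: Optional[dict[str, Any]] = None


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


_STATE_ONE = re.compile(r"^/api/states/([a-z_]+\.[a-z0-9_]+)$")
_HISTORY = re.compile(r"^/api/history/period(?:/[^?]+)?\?(?:.*&)?filter_entity_id=([^&]+)")
_SERVICE = re.compile(r"^/api/services/([a-z_]+)/([a-z_]+)$")


def request_digest(req: Request) -> str:
    """Digest of one exact call; a human approval is bound to this value, not to a whole session."""
    canon = json.dumps([req.method.upper(), req.path, req.body or {}], sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()


def _targets(body: Optional[dict[str, Any]]) -> list[str]:
    """Collect entity_id targets from service data (top level or under `target`)."""
    if not body:
        return []
    raw = body.get("entity_id")
    if raw is None and isinstance(body.get("target"), dict):
        raw = body["target"].get("entity_id")
    if raw is None:
        return []
    return [raw] if isinstance(raw, str) else list(raw)


def evaluate(req: Request, policy: Policy, approvals: frozenset[str] = frozenset()) -> Decision:
    method = req.method.upper()
    if method == "GET":
        if req.path == "/api/states":  # whole-home discovery is exactly the over-broad read to refuse
            return Decision(False, "bulk entity enumeration is not permitted")
        m = _STATE_ONE.match(req.path)
        entities = [m.group(1)] if m else None
        if entities is None:
            h = _HISTORY.match(req.path)
            entities = h.group(1).split(",") if h else None
        if entities is None:
            return Decision(False, f"GET {req.path} is not an approved read endpoint")
        extra = sorted(set(entities) - policy.allowed_entities)
        if extra:
            return Decision(False, f"entities not in allowlist: {', '.join(extra)}")
        return Decision(True, f"read {', '.join(entities)}")
    if method == "POST":
        m = _SERVICE.match(req.path)
        if not m:
            return Decision(False, f"POST {req.path} is not a service call")
        domain, service = m.groups()
        if policy.read_only:
            return Decision(False, f"policy is read-only; {domain}.{service} refused")
        if domain in policy.blocked_domains:
            return Decision(False, f"domain {domain} can fan out to arbitrary actions; refused")
        if domain not in policy.write_domains:
            return Decision(False, f"domain {domain} is not approved for actuation")
        targets = _targets(req.body)
        if not targets:
            return Decision(False, "service call without an explicit entity_id target")
        # target must be allowlisted and belong to the service's own domain
        bad = [t for t in targets if t not in policy.allowed_entities or not t.startswith(domain + ".")]
        if bad:
            return Decision(False, f"targets outside allowlist or domain: {', '.join(bad)}")
        if request_digest(req) not in approvals:
            return Decision(False, f"{domain}.{service} on {', '.join(targets)} needs manual approval")
        return Decision(True, f"approved {domain}.{service} on {', '.join(targets)}")
    return Decision(False, f"method {method} is not permitted")


# Constructed allowlist: two energy sensors and the one load the operator agreed to shift.
POLICY = Policy(allowed_entities=frozenset({"sensor.grid_import_power", "sensor.electricity_price", "switch.ev_charger"}))


def demo() -> list[tuple[str, bool]]:
    """Run constructed calls through the gate; returns (case name, allowed)."""
    charge = Request("POST", "/api/services/switch/turn_on", {"entity_id": "switch.ev_charger"})
    heater = Request("POST", "/api/services/water_heater/set_temperature",
                     {"entity_id": "water_heater.tank", "temperature": 60})
    approvals = frozenset({request_digest(charge)})  # a human approved exactly this call
    live = Policy(POLICY.allowed_entities, read_only=False)
    cases = [
        ("read allowed sensor", Request("GET", "/api/states/sensor.grid_import_power"), POLICY, frozenset()),
        ("enumerate all states", Request("GET", "/api/states"), POLICY, frozenset()),
        ("write while read-only", charge, POLICY, frozenset()),
        ("approved charger call", charge, live, approvals),
        ("reuse approval on heater", heater, live, approvals),
        ("run a script", Request("POST", "/api/services/script/turn_on", {"entity_id": "script.night_mode"}), live, approvals),
    ]
    return [(name, evaluate(r, p, a).allowed) for name, r, p, a in cases]


if __name__ == "__main__":
    for name, ok in demo():
        print(f"{'ALLOW' if ok else 'DENY ':5} {name}")
```

Binding approval to a digest of the exact call matters: an approval granted for `switch.turn_on` on the charger cannot be replayed against the water heater or a different service. Refusing the bare `GET /api/states` closes the entity-discovery path, and refusing the `script`, `automation` and `homeassistant` domains stops a single allowed call from fanning out into actions the allowlist never covered.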

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill requires environment-provided credentials and performs networked Home Assistant access, but these capabilities are not declared in a formal permissions model. That creates a transparency and review gap: operators may approve the skill without understanding that it can read sensitive home telemetry and issue authenticated API requests. In a home automation context, undocumented env/network use materially increases risk because the token can enable broad visibility and device control.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 97%
Finding
The documentation promises a narrowly scoped energy-optimization skill, but the described behavior is a more general Home Assistant bridge that can discover entities, read arbitrary status/history, and invoke service calls across several domains. This mismatch is dangerous because reviewers and users may grant trust and credentials under the assumption of analytics-only behavior, while the skill can actually control physical systems such as HVAC, water heaters, and EV chargers. In cyber-physical environments, capability understatement increases the chance of unsafe or unauthorized actions.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The README explicitly advertises direct device-control capability (`call-service switch/turn_on`) without any warning, confirmation requirement, or discussion of safety boundaries. In this skill’s context, the affected devices include EV chargers, HVAC, water heaters, and other high-load appliances, so normalizing direct actuation increases the chance an agent or user triggers unsafe, unwanted, or costly actions.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The skill encourages actions that directly change the state of home equipment (turning on chargers, adjusting climate setpoints, controlling water heaters, dispatching batteries) without a prominent warning about safety, comfort, equipment wear, or utility-program consequences. Even if intended for legitimate energy management, these are operationally significant actions that can cause occupant discomfort, equipment stress, unexpected energy costs, or conflicts with existing automations. The Home Assistant context makes this more dangerous because commands may be executed against live physical devices in a residence.

VirusTotal

All 64 of 64 vendors reported this skill as clean.

View on VirusTotal