Grid-Aware Energy Load Shifter

Review

Audited by ClawScan on May 10, 2026.

Overview

This skill is transparent about managing Home Assistant energy devices, but it gives the agent broad power to change real household devices and automations without clearly requiring confirmation or entity-level limits.

Install only if you want the agent to read Home Assistant energy data and potentially operate real devices. Start with discover and energy-summary, use a dedicated limited Home Assistant token, and require manual approval before any call-service action.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent could turn devices on or off, change thermostat or water-heater settings, or trigger automations/scripts that have wider effects, causing unexpected energy cost, comfort, or safety impacts.

Why it was flagged

The bridge restricts only by broad Home Assistant service domain. These domains can operate real appliances or trigger scripts/automations, and the visible artifacts do not enforce an entity-level allowlist or mandatory user confirmation for write actions.

Skill content

ALLOWED_SERVICE_DOMAINS = { "switch", "automation", "script", "climate", "water_heater", "input_boolean", "input_number", "number" }

Recommendation

Require explicit user confirmation for every service call, use a dedicated Home Assistant account with entity-level limits, and add a stricter allowlist for exact entities and services.

What this means

If the token belongs to a powerful Home Assistant user, the agent may be able to read many home states and control many devices.

Why it was flagged

A long-lived Home Assistant token is expected for this integration, but it delegates the privileges of the Home Assistant account to the agent.

Skill content

`HA_TOKEN` | Home Assistant Long-Lived Access Token

Recommendation

Create a dedicated Home Assistant user/token for this skill, restrict entity access where possible, and revoke the token if the skill is no longer used.

What this means

Energy, battery, device, or usage data may be brought into the agent context for analysis.

Why it was flagged

Discovery fetches Home Assistant state data and then filters for energy-related entities. This is purpose-aligned, but Home Assistant states and attributes can reveal household telemetry and device names.

Skill content

all_states = ha_request("GET", "/api/states", config)

Recommendation

Use the read-only commands first, review the JSON output, and restrict the Home Assistant account to only the entities needed for energy optimization.

What this means

Users have less external provenance information to verify who maintains the Home Assistant bridge.

Why it was flagged

The provided artifacts include the script content, but the registry metadata does not identify a source repository or homepage for provenance.

Skill content

Source: unknown; Homepage: none

Recommendation

Review the included files before use and prefer installing from a source you can verify.