Control4 Home
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill appears to control a Control4 home as described, but it gives the agent broad authority over physical and security-related devices, so it should be reviewed carefully before use.
Install only if you trust the skill author and are comfortable giving the agent control over your Control4 home. Keep credentials secure, pin the pyControl4 dependency, restrict device mappings to intended devices, and require explicit human approval for garage, gate, lock, alarm, and other security-sensitive actions.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overly broad agent action could change home devices such as relays, garage/gate controls, alarms, or other Control4-managed systems.
The skill intentionally exposes raw Control4 method calls, including security-panel operations, and only advises confirmation when intent is ambiguous. This is broad authority over physical/security devices without a clearly enforced confirmation or allowlist.
Call any exposed pyControl4 method: ... security-panel ... --method setArm --allow-sensitive ... Treat gate/door/alarm relays as sensitive actions. Confirm before running high-risk commands if user intent is ambiguous.
Restrict generic method calls to an allowlist, require explicit human confirmation for all locks, gates, garage doors, alarms, and security-panel actions, and avoid using --allow-sensitive unless the user has clearly approved the exact action.
Anyone or any process with access to the `.env` file may be able to control the connected Control4 system.
The skill needs Control4 credentials and controller access. That is expected for a Control4 integration, but these credentials grant meaningful control over the user's home and should be handled carefully.
Create `scripts/.env` (or export env vars) with: `CONTROL4_USERNAME`, `CONTROL4_PASSWORD`, `CONTROL4_CONTROLLER_IP`
Use the least-privileged Control4 account available, keep `.env` out of source control and backups where possible, and review file permissions on the skill directory.
Installing an unpinned package version could change behavior or introduce dependency risk.
The skill's frontmatter pins pyControl4, but the manual setup command installs pyControl4 without a version pin. The dependency is central to the purpose, but users should avoid accidentally installing an unexpected version.
`packages`: [`pyControl4==1.6.0`] ... `.venv-control4/bin/pip install pyControl4`
Install the pinned version, for example `pip install pyControl4==1.6.0`, and verify the package source before use.