Sensibo
v1.0.0Control Sensibo smart AC devices via their REST API. Use when the user asks to turn on/off AC, change temperature, set modes, check room temperature/humidity, or manage climate schedules. Triggers on phrases like "turn on AC", "set bedroom to 22", "how hot is it", "AC off", "cooling mode".
⭐ 1· 1.6k·1 current·1 all-time
by@omere2
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Sensibo AC control) matches the runtime instructions: curl examples for turning devices on/off, changing temperature/mode/fan, reading measurements, schedules, and smartmode. Required tools, env vars, and config paths are none, which is consistent for an instruction-only wrapper that expects a Sensibo API key supplied by the user.
Instruction Scope
SKILL.md gives precise curl commands and explicitly instructs the agent to obtain an API key from Sensibo and to record device IDs and the API key in a workspace TOOLS.md file, then use the key in query parameters. The scope stays within controlling Sensibo devices. Note: advising plaintext storage of the API key in TOOLS.md expands the attack surface if that file is accessible to other skills or agents—this is a privacy/security practice consideration rather than protocol incoherence.
Install Mechanism
No install spec and no code files: instruction-only. This is low risk because nothing is downloaded or written by an installer.
Credentials
The skill requests no environment variables or credentials in metadata. However, the instructions require the Sensibo API key and device IDs and instruct the user to store them in TOOLS.md. Requesting a single Sensibo API key is proportionate, but the guidance to store the key in plaintext in a workspace file should be treated as a security choice by the user.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent privileges or changes to other skills or system settings. Autonomous invocation is allowed by default but not excessive here.
Assessment
This skill appears to do exactly what it says: provide curl examples and guidance for using the Sensibo REST API. Before installing or using it, consider: 1) where you will store the Sensibo API key—TOOLS.md is suggested but is plaintext and may be accessible to other skills or users; prefer secure secret storage or environment variables with restricted access if your agent/environment supports them; 2) restrict which agent processes can read workspace files if you don't want keys exposed; 3) verify the Sensibo URLs are correct and obtained from Sensibo's official docs (they are in SKILL.md); 4) be aware that enabling autonomous invocation means the agent could use any key you place in the workspace when it decides to call this skill—only store the key if you trust the agent's permitted actions. Other than that, there are no surprising installs or unrelated credentials requested.Like a lobster shell, security has layers — review code before you run it.
latestvk975pztkwtd5wkp95c39r47dfx80fagc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.