Home Assistant

Security checks across malware telemetry and agentic risk

Overview

The skill is a genuine Home Assistant connector, but its summary presents it as a read/search tool while the skill also grants device-control and event-triggering authority.

Review this before installing if your Home Assistant instance controls locks, alarms, doors, appliances, or other sensitive devices. Only use it with an OOMOL/Home Assistant account whose permissions you are comfortable granting, and require explicit confirmation before any service call, event firing, or other state-changing action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch
Severity: High
Confidence: 96%
Finding: The manifest says the skill is for 'searching and reading data,' but the documented actions include `call_service` and `fire_event`, which can modify Home Assistant state. This mismatch can cause downstream agents or users to trust the skill as read-only and invoke it in contexts where state-changing operations should require stricter consent and review.

Intent-Code Divergence
Severity: Medium
Confidence: 92%
Finding: The documentation creates a misleading safety boundary by advertising the skill for 'searching and reading data' while later exposing control operations that can change device state. In an agent setting, such inconsistency increases the chance of unsafe automation, accidental device control, or bypass of policies intended for read-only tools.

Description-Behavior Mismatch
Severity: High
Confidence: 97%
Finding: The skill metadata says it should be used for Home Assistant searching and reading data, but one of its documented actions triggers `home_assistant.fire_event`, a write/state-changing capability. That mismatch can cause an agent or user to invoke the skill under the assumption it is read-only, enabling unintended automations, side effects, or privilege misuse in a home environment.

Vague Triggers
Severity: Medium
Confidence: 86%
Finding: The phrase 'Use this skill for ANY Home Assistant request' is overly broad and may cause the agent to route all Home Assistant tasks through this skill without considering narrower or safer alternatives. Because the skill includes mutating operations, broad invocation language raises the risk of unintended control actions in response to ambiguous user requests.

VirusTotal

64/64 vendors flagged this skill as clean.