Local Tuya Light Control

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent can turn lights or groups on/off and change brightness or colors when invoked for that purpose.

Why it was flagged

The skill instructs the agent to run local CLI or Python commands that directly control smart lights. This is expected for the skill's purpose, but it is still real device-control authority.

Skill content

.\lampctl.exe stehlampe on ... cd ~/src/tuya-lights && lampctl all off ... python lamp_control.py stehlampe on

Recommendation

Use this skill only for intended lamp-control requests, and review broad commands such as controlling the 'all' group.

What this means

Anyone or anything with the updated local key may be able to control the associated lamps on the local network.

Why it was flagged

Tuya local_keys are device-control credentials. Handling them is purpose-aligned for local Tuya onboarding, but the registry metadata does not declare a credential contract.

Skill content

assume the `local_key` may have changed. Read `KEY_EXTRACTION.md` and `ONBOARDING.md`, refresh the key ... update `tuya_lamps.json`.

Recommendation

Keep tuya_lamps.json and any extracted local keys private, and only refresh keys through trusted local tooling.

What this means

The skill's safety depends on the trusted local tuya-lights project and its helper programs.

Why it was flagged

The reviewed skill contains only instructions and references external local binaries/scripts that were not included in the artifact set, so their behavior and provenance were not reviewed.

Skill content

Preferred CLI: `lampctl.exe` ... Python fallback: `lamp_control.py` ... Single-device probe: `tuya_test_lamp.py`

Recommendation

Verify the local lampctl binary and Python scripts come from a trusted source before using the skill.

What this means

A mistaken or untrusted path written into the skill could cause future runs to use the wrong local project or executable.

Why it was flagged

The skill permits persistent edits to its own instruction file for path configuration. This is narrow and purpose-aligned, but changes to stored instructions affect future invocations.

Skill content

If the local installation uses a different location, adjust this SKILL.md to match the actual project path.

Recommendation

Only update SKILL.md paths to trusted local directories and review any persistent edits.