Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Home Assistant Control
v1.0.0 · Control Home Assistant entities via REST API. Use when the user asks to control lights, climate, switches, or other HA entities. Supports climate (thermostat...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw verdict: Suspicious (medium confidence)
Purpose & Capability
The name, description, README, SKILL.md and the included scripts all consistently implement Home Assistant REST API control (climate, lights, switches, sensors). Requiring curl and jq is appropriate. However the SKILL.md and scripts expect a credentials file at ~/.openclaw/credentials/homeassistant.json, but the registry metadata reports no required config paths; also SKILL.md references a scripts/service.sh that is not present in the file manifest. These mismatches reduce confidence in the packaging.
Instruction Scope
The runtime instructions and scripts explicitly read a credentials file in the user's home directory (~/.openclaw/credentials/homeassistant.json) and use the long-lived HA token it contains. That file path is part of the skill's runtime surface but is not declared in the registry metadata. The scripts otherwise only call the Home Assistant API (no external endpoints). SKILL.md examples embed a specific local IP (http://192.168.2.82:8123) taken from MEMORY.md, which looks like leftover documentation and may confuse users. SKILL.md also references scripts/service.sh, which is missing.
Install Mechanism
There is no install spec (instruction-only style), and the included scripts are plain shell scripts. This is lower risk than arbitrary downloads. Nothing in the install flow writes binaries to unexpected system locations. However, the missing referenced script (service.sh) suggests the package may be incomplete.
Credentials
The skill requires a long-lived Home Assistant token (sensitive) stored in a local credentials JSON file, which is reasonable for the stated purpose — but the registry lists no required environment variables or config paths. Additionally, the scripts use bc for a numeric comparison in climate.sh but 'bc' is not listed in required binaries. The undeclared access to a credentials file means a sensitive secret will be read from disk without that being visible in the metadata.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does not attempt to modify other skills or system-wide configuration. Autonomous invocation is allowed (platform default) but not combined with other high-risk flags.
What to consider before installing
This skill appears to implement Home Assistant control and the scripts will talk only to your Home Assistant instance — which is expected — but there are several packaging inconsistencies you should resolve before installing or running it:
- The scripts expect a credentials file at ~/.openclaw/credentials/homeassistant.json containing {"url":"...","token":"LONG_LIVED_ACCESS_TOKEN"}. That path is not declared in the registry metadata; verify you are comfortable storing a long-lived HA token there and ensure file permissions are restrictive (chmod 600).
- SKILL.md and README mention a scripts/service.sh for generic service calls, but service.sh is not included in the manifest. Ask the author for the missing script or remove references; running with missing pieces may lead to confusing failures.
- climate.sh uses bc for floating-point comparisons but 'bc' is not listed in required binaries. Ensure bc is installed or the script may fail.
- The documentation contains a hard-coded private IP (http://192.168.2.82:8123) likely leftover from the author's environment—update to your HA URL before running anything.
- The scripts only send requests to the configured HA URL and do not call external endpoints, but because they read a local file containing a long-lived token, treat that token as sensitive. Consider creating a token with the minimum necessary privileges or using a dedicated integration with more limited scope if possible. If the token is ever exposed, revoke it from your Home Assistant profile immediately.
If the author can (1) add the credentials path to the skill metadata, (2) include or remove references to the missing service.sh, and (3) list bc in required binaries, the package would be much clearer and the remaining risks are typical for an integration that requires a local access token.
Tags: automation, climate, home-assistant, iot, latest, smart-home
Runtime requirements
Platform: Clawdis
Bins: curl, jq
