Dirigera Control (IKEA smart home)
v1.0.3Control IKEA Dirigera smart home devices (lights, outlets, scenes, controllers). Use when the user asks to control smart home devices, check device status, turn lights on/off, adjust brightness/color, control outlets, trigger scenes, check battery levels, or work with IKEA smart home automation. Also use when the user needs help finding the Dirigera hub IP address or generating an API token. Accessible via Cloudflare tunnel on VPS.
⭐ 2· 2.2k·0 current·0 all-time
byFrederik Lind@falderebet
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Dirigera hub control) match the included scripts and documentation: subnet scanning, token generation (OAuth PKCE flow), and device control via the 'dirigera' Python library. Nothing in the package requests unrelated cloud credentials or services.
Instruction Scope
Runtime instructions and scripts stay within the scope of discovering a local hub, waiting for a physical button press, saving a locally-created token, and then controlling devices. They do perform LAN scanning (ARP parsing and TCP probes on a subnet) and may invoke local subprocesses (e.g., generate-token). This is coherent for hub discovery but is network-probing behavior users should be aware of.
Install Mechanism
No packaged install step is included (instruction-only install). The README asks the user to pip install the 'dirigera' library and the generate-token wrapper imports 'requests' and exits if missing. There are no downloads from untrusted URLs or archive extraction steps in the skill.
Credentials
The skill declares no required environment variables or credentials. Token generation writes an access token to a local file by default (dirigera_token.txt) — this is necessary for operation but is sensitive and documented. No unrelated secrets or system credentials are requested.
Persistence & Privilege
The skill is not always-enabled and does not request elevated/persistent platform privileges. It uses local files to store the token (user-configurable) and does not modify other skills or system-wide agent settings.
Assessment
This skill appears to do what it says: find a Dirigera hub on your LAN, guide a user through pressing the hub's action button, save the resulting token locally, and control devices via the 'dirigera' Python library. Before installing/using it:
- Run the scripts only on a trusted machine on the same LAN as your Dirigera hub. The find_dirigera_ip script performs ARP parsing and TCP probes across the local subnet — expected for discovery but consider network policies if you're on a managed network.
- The token generation saves an access token to a local file (default: dirigera_token.txt). Treat that file as sensitive: choose a safe output path, restrict filesystem permissions, and delete it when no longer needed.
- The generate-token wrapper disables SSL verification (verify=False) and suppresses warnings to work with the hub's local certificate; this is necessary for local hub interaction but be aware it skips TLS validation for the hub endpoint only.
- The description mentions a Cloudflare tunnel on a VPS; the skill does not install or configure any tunnel. Exposing your hub to the Internet via tunnels is outside the scope of these scripts and increases risk — do not expose the hub unless you understand the implications and secure the tunnel.
- Inspect and run the code in an isolated environment (virtualenv) and audit network activity if you have concerns. If you need higher assurance, review the 'dirigera' PyPI package source before installing.
Overall: coherent and consistent with its purpose, but handle the generated token and any decision to expose the hub to the internet with care.Like a lobster shell, security has layers — review code before you run it.
latestvk970hvjkfcpegq08w0f9h9c97580gy9q
License
MIT-0
Free to use, modify, and redistribute. No attribution required.