Eightctl
Control Eight Sleep pods (status, temperature, alarms, schedules).
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 6 · 6.4k · 750 current installs · 766 all-time installs
byPeter Steinberger@steipete
MIT-0
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The name/description (control Eight Sleep pods) matches the commands shown in SKILL.md (status, temp, alarms, schedules). The functionality described is internally consistent with using an eightctl CLI.
Instruction Scope
SKILL.md's runtime instructions are narrowly scoped to invoking the eightctl CLI and using its subcommands. It does not instruct reading unrelated system files or sending data to third-party endpoints beyond the Eight Sleep API.
Install Mechanism
SKILL.md front-matter includes an install entry that builds/installs eightctl from a GitHub Go module (github.com/steipete/eightctl@latest). Installing from a public GitHub Go module is a common, traceable choice but is higher-risk than an instruction-only skill because it compiles and writes a binary to disk; verify the upstream source before building.
Credentials
SKILL.md references a config path (~/.config/eightctl/config.yaml) and environment variables EIGHTCTL_EMAIL and EIGHTCTL_PASSWORD, but the registry metadata claims 'no required env vars' and 'no install spec'. This inconsistency is concerning: the skill expects account credentials (sensitive) that were not declared by the registry.
Persistence & Privilege
Skill is not always-enabled and does not request elevated platform privileges or modify other skills. It appears to be invoked only when used.
Scan Findings in Context
[no_regex_findings] expected: The repository contains only SKILL.md (no code files), so the regex scanner had nothing to analyze. The SKILL.md itself includes install metadata which the registry summary omitted.
What to consider before installing
This skill appears to do what it claims (control Eight Sleep pods) but there are mismatches between the registry metadata and the SKILL.md: the skill expects a local eightctl binary and your Eight Sleep credentials (EIGHTCTL_EMAIL / EIGHTCTL_PASSWORD or ~/.config/eightctl/config.yaml), yet the registry declared no env or install requirements. Before installing or enabling: 1) verify the source (visit the eightctl upstream repo at github.com/steipete/eightctl) and inspect the code you will build; 2) prefer creating a limited account or API credentials rather than using your primary account/password; 3) if you don't want to build/install binaries, ensure your agent environment already has a vetted eightctl binary; 4) ask the publisher to correct registry metadata so required env vars and install steps are explicit. These steps reduce risk even though the skill itself is not clearly malicious.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🎛️ Clawdis
Binseightctl
Install
Install eightctl (go)
Bins: eightctl
go install github.com/steipete/eightctl/cmd/eightctl@latestSKILL.md
eightctl
Use eightctl for Eight Sleep pod control. Requires auth.
Auth
- Config:
~/.config/eightctl/config.yaml - Env:
EIGHTCTL_EMAIL,EIGHTCTL_PASSWORD
Quick start
eightctl statuseightctl on|offeightctl temp 20
Common tasks
- Alarms:
eightctl alarm list|create|dismiss - Schedules:
eightctl schedule list|create|update - Audio:
eightctl audio state|play|pause - Base:
eightctl base info|angle
Notes
- API is unofficial and rate-limited; avoid repeated logins.
- Confirm before changing temperature or alarms.
Files
1 totalSelect a file
Select a file to preview.
Comments
Loading comments…