ClawHub

Home Assistant CLI

v1.0.0

Advanced Home Assistant control using the official hass-cli tool. Features auto-completion, event monitoring, history queries, and rich output formatting. Alternative to the curl-based homeassistant skill - choose this if you want a more interactive CLI experience with better discovery and formatting.

11· 3.7k·18 current·18 all-time
by@joneschi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's name, description, and commands align with a Home Assistant CLI wrapper and legitimately need the hass-cli binary and access to a Home Assistant server. The install options (pip/homebrew) are appropriate for a Python CLI tool.
!
Instruction Scope
SKILL.md instructs the agent/user to set HASS_SERVER and HASS_TOKEN, test connections, and even echo $HASS_TOKEN in troubleshooting — but the skill metadata did not declare any required environment variables. The instructions otherwise stay within Home Assistant control scope and do not ask to read system files outside of typical shell configs.
Install Mechanism
Install spec uses pip and Homebrew formulas for homeassistant-cli, which is expected for this upstream project and is a low-to-moderate risk install path. No download-from-URL or arbitrary extraction is used.
!
Credentials
Runtime usage clearly requires a long-lived Home Assistant token (HASS_TOKEN) and server URL (HASS_SERVER). Those sensitive environment variables are not listed in requires.env or primary credential fields in the metadata — an omission that reduces transparency and could cause unintentional credential exposure. The troubleshooting guidance suggests echoing the token and using --insecure for certs, both of which can weaken secrecy or security if followed without caution.
Persistence & Privilege
The skill does not request permanent/always-on inclusion (always:false), does not modify other skills, and does not claim access to unrelated config paths or credentials. Autonomy is enabled by default (disable-model-invocation:false) which is standard and not by itself a red flag.
What to consider before installing
This skill appears to be a straightforward wrapper around the official hass-cli tool, but the metadata is missing the fact that you must provide HASS_SERVER and a long-lived HASS_TOKEN. Before installing: (1) verify the pip/homebrew package comes from the official project (check maintainers and repo), (2) be prepared to supply a Home Assistant long-lived access token — treat it like a password and avoid echoing it into terminals or logs, (3) avoid using --insecure in production (it disables SSL verification), (4) prefer storing the token in a secure secret store instead of exporting it in a shared shell config, and (5) consider whether you want an agent with autonomous invocation to run hass-cli commands against your home network. The metadata omission lowers transparency; ask the publisher to add required env vars (HASS_SERVER, HASS_TOKEN) to the skill manifest before trusting it.

Like a lobster shell, security has layers — review code before you run it.

cli-toolsvk97d637abt5jxfmpdqampg34es80a63whass-clivk97d637abt5jxfmpdqampg34es80a63whome-automationvk97d637abt5jxfmpdqampg34es80a63wiotvk97d637abt5jxfmpdqampg34es80a63wlatestvk97d637abt5jxfmpdqampg34es80a63wlhomeassistantvk97d637abt5jxfmpdqampg34es80a63wsmart-homevk97d637abt5jxfmpdqampg34es80a63w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🏡 Clawdis
Binshass-cli

Install

Install Home Assistant CLI (brew)
Bins: hass-cli
brew install homeassistant-cli

Comments