ClawHub

Moltbot Home Assistant

v0.1.1

Control Home Assistant smart home devices, lights, scenes, and automations via moltbot-ha CLI with configurable safety confirmations.

3· 2.1k·4 current·4 all-time
by@iamvaleriofantozzi
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the instructions: this is a CLI wrapper for Home Assistant and legitimately needs a Home Assistant token and the moltbot-ha CLI. However, the registry-level metadata provided with the skill listing claims 'no required env vars' and 'no install spec', while the SKILL.md metadata and instructions explicitly require HA_TOKEN and recommend installing moltbot-ha (uv/pip). This mismatch is an incoherence that should be resolved.
!
Instruction Scope
SKILL.md instructs the agent to ask user confirmation before using --force and to treat many informal affirmative replies as consent. That is within the skill's purpose (safety confirmations), but the confirmation semantics are broad and could allow accidental authorization (e.g., casual affirmatives like 'OK' or 'sure' being interpreted as approval). The instructions also reference user config (~/.config/moltbot-ha/config.toml) and environment variables (HA_TOKEN, HA_URL), which are expected for this purpose.
Install Mechanism
The skill bundle itself is instruction-only (no code), so nothing is written by the registry. SKILL.md recommends installing the moltbot-ha tool via 'uv tool install' or pip. That's a low-to-moderate risk install path — uv is an external tool manager (and pip is standard). There is no download-from-arbitrary-URL behavior in the skill bundle, but you should verify the provenance of the moltbot-ha package (PyPI or GitHub releases) before installing.
Credentials
The only service credential the tool needs is a Home Assistant long-lived access token (HA_TOKEN) and optionally HA_URL — this is proportional to the declared purpose. The incoherence is that the registry summary claims no required env vars while the SKILL.md repeatedly instructs to set HA_TOKEN; that discrepancy should be clarified before trusting the skill.
Persistence & Privilege
The skill does not request always:true or elevated persistent privileges. It uses a per-user config file (~/.config/moltbot-ha/config.toml) and does not attempt to modify other skills or system-wide agent settings. Autonomous invocation is allowed by default but not unusual; combine this with the confirmation ambiguity when granting agent autonomy.
What to consider before installing
This skill appears to do what it says: control Home Assistant via the moltbot-ha CLI and it legitimately needs a Home Assistant long‑lived token (HA_TOKEN). Before installing: 1) Confirm the registry metadata and SKILL.md agree — the SKILL.md requires HA_TOKEN and suggests installing moltbot-ha, but the registry listing omitted those requirements. 2) Verify the provenance of the moltbot-ha package (install from an official GitHub release or PyPI and inspect code) rather than blindly running a uv install. 3) Configure blocked_entities and allowed_entities to limit what the agent can control, and set safety level 3. 4) Be cautious about the agent confirmation rules: the skill treats casual affirmatives as consent, which can let accidental approvals authorize critical actions (doors, garage). If you plan to let the agent act autonomously, tighten confirmation semantics (require a specific confirmation phrase or manual approval) and keep high-risk devices blocked. If you want to reduce uncertainty, ask the maintainer/owner to correct the registry metadata to list HA_TOKEN and the install recommendation explicitly.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ansydrw44g2051p4gmgd4xx80cd0w
2.1kdownloads
3stars
1versions
Updated 1mo ago
v0.1.1
MIT-0
@iamvaleriofantozzi
latest
Download

Home Assistant Control

Control your smart home via Home Assistant API using the moltbot-ha CLI tool.

Setup

1. Install moltbot-ha

uv tool install moltbot-ha

2. Initialize Configuration

moltbot-ha config init

The setup will interactively ask for:

  • Home Assistant URL (e.g., http://192.168.1.100:8123)
  • Token storage preference (environment variable recommended)

3. Set Environment Variable

Set your Home Assistant long-lived access token:

export HA_TOKEN="your_token_here"

To create a token:

  1. Open Home Assistant → Profile (bottom left)
  2. Scroll to "Long-Lived Access Tokens"
  3. Click "Create Token"
  4. Copy the token and set as HA_TOKEN environment variable

4. Test Connection

moltbot-ha test

Discovery Commands

List All Entities

moltbot-ha list

List by Domain

moltbot-ha list light
moltbot-ha list switch
moltbot-ha list cover

Get Entity State

moltbot-ha state light.kitchen
moltbot-ha state sensor.temperature_living_room

Action Commands

Turn On/Off

# Turn on
moltbot-ha on light.living_room
moltbot-ha on switch.coffee_maker

# Turn off
moltbot-ha off light.bedroom
moltbot-ha off switch.fan

# Toggle
moltbot-ha toggle light.hallway

Set Attributes

# Set brightness (percentage)
moltbot-ha set light.bedroom brightness_pct=50

# Set color temperature
moltbot-ha set light.office color_temp=300

# Multiple attributes
moltbot-ha set light.kitchen brightness_pct=80 color_temp=350

Call Services

# Activate a scene
moltbot-ha call scene.turn_on entity_id=scene.movie_time

# Set thermostat temperature
moltbot-ha call climate.set_temperature entity_id=climate.living_room temperature=21

# Close cover (blinds, garage)
moltbot-ha call cover.close_cover entity_id=cover.garage

Generic Service Call

# With parameters
moltbot-ha call automation.trigger entity_id=automation.morning_routine

# With JSON data
moltbot-ha call script.turn_on --json '{"entity_id": "script.bedtime", "variables": {"brightness": 10}}'

Safety & Confirmations

moltbot-ha implements a 3-level safety system to prevent accidental actions:

Safety Level 3 (Default - Recommended)

Critical operations require explicit confirmation:

  • lock.*: Door locks
  • alarm_control_panel.*: Security alarms
  • cover.*: Garage doors, blinds

How Confirmation Works

  1. Attempt critical action:
moltbot-ha on cover.garage
  1. Tool returns error:
⚠️  CRITICAL ACTION REQUIRES CONFIRMATION

Action: turn_on on cover.garage

This is a critical operation that requires explicit user approval.
Ask the user to confirm, then retry with --force flag.

Example: moltbot-ha on cover.garage --force
  1. Agent sees this error and asks you:

"Opening the garage door is a critical action. Do you want to proceed?"

  1. You confirm:

"Yes, open it"

  1. Agent retries with --force:
moltbot-ha on cover.garage --force
  1. Action executes successfully.

Important: Never Use --force Without User Consent

⚠️ CRITICAL RULE FOR AGENTS:

  • NEVER add --force flag without explicit user confirmation
  • ALWAYS show the user which critical action is being attempted
  • WAIT for explicit "yes" / "confirm" / "approve" before using --force
  • BE SMART about what constitutes confirmation: "Yes", "OK", "Sure", "Do it", "Confirmed", or any affirmative response in the context of the request is sufficient. You do NOT need the user to type a specific phrase verbatim.

Blocked Entities

Some entities can be permanently blocked in configuration:

[safety]
blocked_entities = ["switch.main_breaker", "lock.front_door"]

These cannot be controlled even with --force.

Configuration

Edit ~/.config/moltbot-ha/config.toml:

[safety]
level = 3  # 0=disabled, 1=log-only, 2=confirm all writes, 3=confirm critical

critical_domains = ["lock", "alarm_control_panel", "cover"]

blocked_entities = []  # Add entities that should never be automated

allowed_entities = []  # If set, ONLY these entities are accessible (supports wildcards)

Common Workflows

Morning Routine

moltbot-ha on light.bedroom brightness_pct=30
moltbot-ha call cover.open_cover entity_id=cover.bedroom_blinds
moltbot-ha call climate.set_temperature entity_id=climate.bedroom temperature=21

Night Mode

moltbot-ha off light.*  # Requires wildcard support in future
moltbot-ha call scene.turn_on entity_id=scene.goodnight
moltbot-ha call cover.close_cover entity_id=cover.all_blinds

Check Sensors

moltbot-ha state sensor.temperature_living_room
moltbot-ha state sensor.humidity_bathroom
moltbot-ha state binary_sensor.motion_hallway

Troubleshooting

Connection Failed

  • Verify HA_URL in config matches your Home Assistant URL
  • Ensure Home Assistant is reachable from the machine running moltbot-ha
  • Check firewall settings

401 Unauthorized

  • Verify HA_TOKEN is set correctly
  • Ensure token is a Long-Lived Access Token (not temporary)
  • Check token hasn't been revoked in Home Assistant

Entity Not Found

  • Use moltbot-ha list to discover correct entity IDs
  • Entity IDs are case-sensitive
  • Format is domain.entity_name (e.g., light.kitchen, not Light.Kitchen)

Docker Networking

If running in Docker and can't reach Home Assistant on homeassistant.local:

  • Use IP address instead: http://192.168.1.100:8123
  • Or use Tailscale for reliable mesh networking

Configuration Reference

Full config file (~/.config/moltbot-ha/config.toml):

[server]
url = "http://homeassistant.local:8123"
# token = "optional_here_prefer_env_var"

[safety]
level = 3
critical_domains = ["lock", "alarm_control_panel", "cover"]
blocked_entities = []
allowed_entities = []

[logging]
enabled = true
path = "~/.config/moltbot-ha/actions.log"
level = "INFO"

Examples for Agents

Discovery Pattern

User: "What lights do I have?"
Agent: moltbot-ha list light
Agent: "You have these lights: light.living_room, light.kitchen, light.bedroom"

Safe Action Pattern

User: "Turn on the living room light"
Agent: moltbot-ha on light.living_room
Agent: "Living room light is now on"

Critical Action Pattern

User: "Open the garage"
Agent: moltbot-ha on cover.garage
<receives CriticalActionError>
Agent: "⚠️ Opening the garage door is a critical action. Do you want to proceed?"
User: "Yes, open it"
Agent: moltbot-ha on cover.garage --force
Agent: "Garage door is opening"

Notes

  • All write actions are logged to ~/.config/moltbot-ha/actions.log by default
  • Safety settings are configurable per installation
  • Wildcards (*) are supported in allowed_entities and blocked_entities
  • JSON output available with --json flag for programmatic parsing

Comments

Loading comments...