Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Nest Devices
v2.0.1
Control Nest smart home devices (thermostat, cameras, doorbell) via the Device Access API. Use when asked to check or adjust home temperature, view camera feeds, check who's at the door, monitor rooms, or set up temperature schedules.
⭐ 0 · 2.3k · 5 current · 5 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious · high confidence
Purpose & Capability
The skill claims to control Nest devices, and the included Python client (scripts/nest.py) and webhook (scripts/nest-webhook.py) do implement that. However, the registry metadata lists no required environment variables or primary credential, while the SKILL.md and code clearly require Nest OAuth credentials (project_id, client_id, client_secret, refresh_token), optional 1Password service account token(s), Telegram tokens, and a Clawdbot hooks token. That metadata omission is an inconsistency the user should be aware of.
Instruction Scope
SKILL.md instructs the agent/user to run OAuth flows, configure 1Password access, create a Cloud Pub/Sub topic, install and run a Cloudflare tunnel, add a systemd service for a local webhook, and enable 'Clawdbot Hooks' in a global clawdbot.json. The webhook code reads secrets (1Password/op or env vars), captures camera snapshots (via SDM APIs or RTSP + ffmpeg), sends images to Telegram, and POSTs event summaries to a GATEWAY_URL/hook endpoint with an Authorization header. These operations go beyond a simple device client and require persistent services and changing global agent configuration — appropriate for webhook functionality but wider in scope and with potential for data exfiltration if misconfigured.
Install Mechanism
There is no formal install spec, but SKILL.md shows an explicit curl download of cloudflared from the project's GitHub releases (reasonable source) and instructions to create systemd services. The skill will call external binaries (op, ffmpeg, cloudflared) via subprocess; those are expected for the described behavior but mean the runtime depends on locally-installed third-party tools.
Credentials
The code and docs require multiple sensitive values: Nest OAuth credentials (client_secret and refresh token), an OP service account token (OP_SERVICE_ACCOUNT_TOKEN or OP_TOKEN_*), an optional TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID, and a CLAWDBOT_HOOKS_TOKEN + CLAWDBOT_GATEWAY_URL. Nest credentials are necessary for the API, and 1Password access is a reasonable convenience, but the Clawdbot hook and gateway token give the skill the ability to POST events to an external gateway (potential exfiltration vector) and the registry metadata does not declare these requirements — a mismatch and risk.
Persistence & Privilege
The skill asks users to create a persistent systemd service and a Cloudflare tunnel to expose a local webhook, and to enable global 'clawdbot' hooks in clawdbot.json. While persistence is needed for real-time events, writing global clawdbot config and running a long-lived service increases the blast radius if credentials or webhook endpoints are misused. The skill is not marked always:true, but its instructions result in persistent, autonomous behavior.
What to consider before installing
This skill mostly does what it says (Nest control + webhook), but there are important red flags to check before installing:
- Expect to provide sensitive credentials: Nest OAuth client_id/client_secret/refresh_token (or equivalent 1Password item and OP service account token). The registry metadata omitted these — do not assume none are needed.
- Review and restrict any CLAWDBOT_GATEWAY_URL and CLAWDBOT_HOOKS_TOKEN usage. The webhook will POST events (including potentially images) to GATEWAY_URL/hook with the token. Only point this at a gateway you control and keep the token secret.
- The webhook can send images to Telegram if TELEGRAM_BOT_TOKEN/CHAT_ID are set. If you don't want images leaving your network, omit Telegram and/or run the webhook on an isolated host.
- The SKILL.md instructs creating systemd services and a cloudflared tunnel — these create persistent network exposure. Prefer running the webhook in a dedicated, network-isolated VM or container and verify the cloudflared binary and its credentials come from the official release.
- The code invokes local binaries ('op', 'ffmpeg') via subprocess. Verify you trust those binaries and their locations; supply credentials via environment variables instead of broad 1Password service-account tokens where possible.
- If you must install, audit the included scripts (nest.py and nest-webhook.py) yourself, and update the registry metadata to reflect required env vars so future users are not surprised.
If you are not comfortable granting any of the listed tokens or creating persistent services and tunnels, do not install. If you proceed, limit tokens' scopes, run in isolation, and review outgoing endpoints (Telegram and any gateway) carefully.
Like a lobster shell, security has layers — review code before you run it.
latest · vk972e4ke4mwpgjj0vvbbhqnpb5801250
Runtime requirements: 🏠 Clawdis
