ClawHub

Netatmo

v1.0.1

Control Netatmo thermostat and read weather station data. Use for heating control (set temperature, change mode), checking indoor/outdoor temperatures, CO₂ levels, humidity, noise, and pressure readings.

1· 1.9k·0 current·0 all-time
byFlorian Beer@florianbeer
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The stated purpose (control Netatmo devices and read sensors) aligns with the SKILL.md commands (uses a `netatmo` CLI and standard Netatmo operations). However the skill metadata declares no required binaries or credentials even though the instructions require a local `netatmo` CLI and credentials files under ~/.config/netatmo/. The capability is plausible but the skill should explicitly declare these dependencies.
!
Instruction Scope
SKILL.md tells the agent to use `netatmo` CLI and to read/write credentials in ~/.config/netatmo/ (credentials.json with client_id/client_secret and tokens.json with OAuth tokens). Those files are sensitive (contain client secrets and access/refresh tokens). The skill does not declare that it will read those files, nor does it constrain or explain how tokens are handled. While reading those files is required to operate, the omission is a scope/transparency problem.
Install Mechanism
This is an instruction-only skill with no install spec or code to write to disk, which reduces install-side risk. The tradeoff is that it implicitly relies on an external binary (`netatmo`) being present — that dependency is not declared.
!
Credentials
No environment variables or primary credential are declared in the skill metadata, yet the runtime instructions require access to user-local credential files (~/.config/netatmo/credentials.json and tokens.json). Those files contain secrets (client_id/client_secret and OAuth tokens). The requested access is proportionate to Netatmo integration, but the omission in metadata is a transparency and least-privilege concern.
Persistence & Privilege
The skill does not request always:true or other elevated persistence; it is user-invocable and allowed to be invoked autonomously by default (platform normal). It does mention tokens auto-refreshing (which implies writing tokens.json), but there is no indication the skill modifies unrelated agent settings or other skills.
What to consider before installing
This skill appears to implement legitimate Netatmo operations, but it contains important omissions. Before installing: 1) Verify the skill's origin (owner is unknown) and prefer an official/verified source. 2) Confirm you have the `netatmo` CLI installed from an official release; the skill assumes that binary but doesn't declare it. 3) Inspect ~/.config/netatmo/credentials.json and tokens.json — they hold client_id/client_secret and OAuth tokens; only allow access if you trust the skill. 4) If you want to proceed, ask the author to update metadata to list the required binary and declare the config path(s) or to use environment variables so permissions are explicit. 5) Consider running the skill in an isolated account or VM, or deny agent access to your home config if you cannot verify the skill. If you cannot confirm provenance and trust, treat this as risky and avoid installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ce6byxwjvmwef2xyj3djzen7zxr29
1.9kdownloads
1stars
2versions
Updated 1mo ago
v1.0.1
MIT-0
Florian Beer@florianbeer
latest
Download

Netatmo

Control Netatmo smart home devices via netatmo CLI.

Setup

Credentials in ~/.config/netatmo/:

  • credentials.json: {"client_id": "...", "client_secret": "..."}
  • tokens.json: OAuth tokens (auto-refreshed)

Commands

netatmo status              # Full overview (thermostat + all sensors)
netatmo thermostat          # Thermostat details only
netatmo weather             # All sensors including Office
netatmo history             # 7-day temperature history with sparklines
netatmo history --days 14   # Custom period
netatmo set 21              # Set target temp (7-30°C, 3h manual mode)
netatmo mode schedule       # Resume schedule
netatmo mode away           # Away mode (12°C)
netatmo mode hg             # Frost guard (7°C)
netatmo <cmd> --json        # JSON output for any command

Available Data

LocationTempHumidityCO₂NoisePressureBattery
Bedroom (main)
Outdoor✓*
Living Room
Office

*Pressure displayed with Outdoor (sensor in main station)

Notes

  • CO₂ >1000 ppm = poor ventilation
  • set uses manual mode for 3h, then reverts to schedule
  • Tokens auto-refresh on expiry
  • History shows ASCII sparklines for temperature trends

Comments

Loading comments...