ClawHub

TRÅDFRI Lights

v0.2.0

Control IKEA TRÅDFRI lights and groups through a local TRÅDFRI gateway using the native gateway API via node-tradfri-client. Use when the user wants to list...

0· 90·0 current·0 all-time
by@ymebosma
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (local TRÅDFRI gateway control) align with the provided scripts and instructions: the script uses node-tradfri-client and operates only against a locally reachable gateway host. Minor metadata mismatch: the registry lists no required env vars or binaries, while the SKILL.md and script require Node.js and allow TRADFRI_HOST/TRADFRI_IDENTITY/TRADFRI_PSK (and a few tuning env vars). This appears to be an omission in metadata rather than malicious intent.
Instruction Scope
SKILL.md instructs running the included script and installing dependencies (npm install). The runtime instructions and operating rules limit actions to the local TRÅDFRI gateway and ask for confirmation on bulk/house actions; the script reads local config.json and environment variables. The instructions do not direct data to external endpoints beyond the gateway, nor do they ask to read unrelated system files.
Install Mechanism
This is instruction-only (no autoinstall spec). The user is told to run `npm install` in the skill folder to install node-tradfri-client. No downloads from untrusted URLs or remote extract/install steps are present. The lack of an install spec and the requirement to run npm manually is normal but should be noted by the user.
Credentials
The script legitimately needs only local gateway credentials (identity/psk) and the gateway host. Those are the only sensitive values used. However, the registry metadata did not declare these environment variables or the implicit Node requirement; additionally the script accepts extra tuning env vars (TRADFRI_SETTLE_MS, TRADFRI_RETRIES, TRADFRI_RETRY_DELAY_MS) that are not documented in the registry metadata. This is a proportional but partly undocumented set of env vars.
Persistence & Privilege
The skill is not always-enabled, does not request elevated platform privileges, and does not modify other skills or global agent configuration. It runs as a local script when invoked and therefore has only the privileges of the process that executes it.
Assessment
This skill appears to do what it says: control a local IKEA TRÅDFRI gateway. Before installing/run it: 1) Ensure Node.js is available and run `npm install` in the skill folder as instructed. 2) Provide gateway credentials only via config.json or the env vars TRADFRI_HOST / TRADFRI_IDENTITY / TRADFRI_PSK — do not publish these values. 3) Be aware the script must be able to reach the gateway on your local network; run it from a host with network access to the gateway. 4) Review scripts/tradfri.js yourself (it is included) if you have concerns — it operates locally and does not contact external services. 5) Note minor metadata omissions: the registry did not declare the env vars or the Node binary requirement; treat that as a packaging/documentation issue rather than a security red flag. If you want higher assurance, run the script in a controlled environment (or inspect and run it manually) before allowing autonomous agent invocation.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c610twdqp9f8bv4ywvhsem9846n2b
90downloads
0stars
5versions
Updated 2w ago
v0.2.0
MIT-0
@ymebosma
latest
Download

Tradfri Lights

Use this skill for local IKEA TRÅDFRI light control through an IKEA TRÅDFRI gateway.

Quick start

  • Use scripts/tradfri.js for actual gateway actions.
  • Read references/setup.md before first use to configure the gateway host and credentials.
  • Install dependencies in the skill folder before first use: npm install.
  • This skill depends on node-tradfri-client and a locally reachable IKEA TRÅDFRI gateway.
  • Prefer exact light/group names, but the script also supports simple fuzzy matching.
  • For surprising household actions, confirm first unless the user clearly asked for the action.

Commands

Run commands from the skill folder or with an absolute path.

Check connection

node scripts/tradfri.js status

List lights

node scripts/tradfri.js list-devices

List groups

node scripts/tradfri.js list-groups

Show what is on

node scripts/tradfri.js whats-on

Show offline lights

node scripts/tradfri.js offline

Turn a light on or off

node scripts/tradfri.js light-off "Speelkamer 1"
node scripts/tradfri.js light-on "Speelkamer 1"

Set brightness

node scripts/tradfri.js brightness "Speelkamer 1" 35

Turn a group on or off

node scripts/tradfri.js group-off "Woonkamer"
node scripts/tradfri.js group-on "Woonkamer"

Set group brightness

node scripts/tradfri.js group-brightness "Woonkamer" 50
node scripts/tradfri.js group-brightness "Slaapkamers" 100

Turn the main house groups all on or off

node scripts/tradfri.js all-on
node scripts/tradfri.js all-on _ 100
node scripts/tradfri.js all-off
node scripts/tradfri.js all-on _ 50 --verify

Note: SuperGroup and Instellen are intentionally excluded from bulk actions.

Control one floor

node scripts/tradfri.js floor-on 1 50 --verify
node scripts/tradfri.js floor-off 4 --verify

Apply a house layout preset

node scripts/tradfri.js layout day --verify
node scripts/tradfri.js layout evening --verify
node scripts/tradfri.js layout night --verify

Operating rules

  • Match exact names first; fall back to fuzzy/partial matching only when it yields one clear result.
  • If multiple likely matches exist, show candidates and ask.
  • If a target is offline (alive: false), say so explicitly instead of pretending the action succeeded.
  • After changing a light or group, report the exact target used.
  • After smart-home actions, verify that the resulting status matches the intended outcome when practical.
  • Prefer device-level verification after group actions because some gateways may report inconsistent group state.
  • Keep credentials out of normal chat replies.
  • Use this skill for TRÅDFRI gateway control, not HomeKit scenes.
  • Ask for confirmation before large household-wide actions unless the user clearly asked for them.

Notes

  • The tested route is node-tradfri-client, not pytradfri.
  • Install dependencies with npm install in the skill folder. The required runtime dependency is node-tradfri-client.
  • The script includes retry logic, settle delays, device-level verification, floor commands, and layout presets for installations that need more robust post-action checks.
  • The gateway must be reachable on the local network from the machine running the skill.
  • The script reads config from config.json, with environment variables overriding it:
    • TRADFRI_HOST
    • TRADFRI_IDENTITY
    • TRADFRI_PSK
  • list-devices, whats-on, and offline include the resolved group name when the gateway exposes deviceIDs on groups.
  • The published version intentionally ships without working credentials; users must add their own local gateway details.
  • If auth stops working, recreate credentials using the flow in references/setup.md.

Comments

Loading comments...