Eightctl
ReviewAudited by ClawScan on May 1, 2026.
Overview
The skill matches its stated purpose, but it can control a physical sleep device and account settings using Eight Sleep credentials, so it should be reviewed before installation.
Only install this if you are comfortable letting the agent use eightctl to control your Eight Sleep pod. Confirm every action that changes device state or account settings, protect your Eight Sleep credentials, and consider pinning or reviewing the upstream CLI before use.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked too broadly, the agent could change bed state, schedules, audio playback, or base angle in ways the user did not intend.
The skill exposes multiple device- and account-changing commands, but explicit confirmation is only stated for temperature and alarms, leaving other state changes less clearly bounded.
Quick start - `eightctl status` - `eightctl on|off` - `eightctl temp 20` Common tasks - Alarms: `eightctl alarm list|create|dismiss` - Schedules: `eightctl schedule list|create|update` - Audio: `eightctl audio state|play|pause` - Base: `eightctl base info|angle` Notes - Confirm before changing temperature or alarms.
Require explicit user confirmation before every state-changing command, especially on/off, schedule create/update, audio playback, and base angle changes.
The configured credentials may allow control of the user's Eight Sleep pod and related account settings.
The skill needs Eight Sleep account authentication, which is expected for controlling the device, but those credentials are sensitive and are not declared as a primary credential in the registry metadata.
Requires auth. Auth - Config: `~/.config/eightctl/config.yaml` - Env: `EIGHTCTL_EMAIL`, `EIGHTCTL_PASSWORD`
Use the least-privileged authentication method available, store credentials securely, and avoid installing unless you trust the eightctl CLI and its upstream source.
Future upstream changes to the CLI could affect what code is installed and run.
The skill installs an external CLI from a moving @latest Go module. This is consistent with the skill's purpose, but the installed code is not present in the artifact set and may change over time.
go | module: github.com/steipete/eightctl/cmd/eightctl@latest | creates binaries: eightctl
Prefer a pinned module version and review the upstream project before installing.