Skill v1.0.4
ClawScan security
SwitchBot OpenAPI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 17, 2026, 6:06 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill implements a straightforward SwitchBot OpenAPI client: the requested binaries, env vars, and scripts match its stated purpose and there is no sign of unrelated or covert data exfiltration.
- Guidance
- This skill appears to be a legitimate SwitchBot OpenAPI client. Before installing: (1) Treat SWITCHBOT_TOKEN and SWITCHBOT_SECRET as highly sensitive — they can be used to unlock doors and create passcodes; store them in a secure secrets store and rotate if shared. (2) Run non-destructive commands first (e.g., list, status) to validate connectivity and correct token use. (3) If you run this on a multi-tenant gateway, restrict which agents/users can invoke the skill because it can perform sensitive operations. (4) Note the README mentions SWITCHBOT_REGION (optional) though the scripts use a single base URL; verify region behavior if you expect regional endpoints. (5) The skill sends only to api.switch-bot.com (and will forward user-supplied image URLs to the API for art-frame uploads) — no other network endpoints were found.
Review Dimensions
- Purpose & Capability
- ok: Name/description match the code and scripts. Required binaries (node, curl, openssl, jq, uuidgen) and required env vars (SWITCHBOT_TOKEN, SWITCHBOT_SECRET) are appropriate for signing and calling the official SwitchBot OpenAPI. The included shell scripts and Node CLI implement the documented operations (list, status, commands, scenes).
- Instruction Scope
- ok: SKILL.md and the scripts instruct the agent to call api.switch-bot.com and to use the provided CLI/scripts. The runtime instructions only read the declared env vars and run the bundled scripts; they do not attempt to read unrelated system files or contact unexpected external endpoints. The Node CLI and shell scripts perform preflight checks and then call the official API.
- Install Mechanism
- ok: No install spec or external download is present; this is delivered as source files and scripts. Nothing in the package pulls arbitrary code from untrusted URLs or creates non-standard binaries.
- Credentials
- note: The skill only requires SWITCHBOT_TOKEN and SWITCHBOT_SECRET, which is proportionate for an API client. Note: those credentials grant full API access and therefore can perform sensitive actions (unlocking locks, creating passcodes, executing scenes). The README mentions an optional SWITCHBOT_REGION, but it is not declared in requires.env and the code currently uses a single base URL, a minor inconsistency. Users should ensure the token/secret are stored securely and scoped/rotated appropriately.
- Persistence & Privilege
- ok: always:false and user-invocable:true (default). The skill does not request permanent/automatic inclusion or elevated platform privileges, and it does not modify other skills or system-wide settings.
