Skill v1.1.0
ClawScan security
Home Assistant Agent (Secure) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 16, 2026, 10:42 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and runtime instructions are consistent with its stated purpose (calling Home Assistant's Conversation/Assist API only) and the requested environment variables are appropriate — the README and SKILL.md explicitly acknowledge the main risks and give mitigation guidance.
- Guidance: This skill appears coherent and appropriately scoped, but before installing: (1) create a dedicated non-admin Home Assistant user and grant it only the areas/entities the skill needs; (2) avoid storing the token in world-readable files and rotate it periodically; (3) do not enable trusted_networks allow_bypass_login (or set allow_bypass_login: false); (4) avoid using curl -k on internet-facing HA instances — prefer a valid TLS certificate; and (5) consider auditing agent logs/outputs after first use to confirm the token is never echoed and the skill only calls /api/conversation/process as intended.
Review Dimensions
- Purpose & Capability (ok): Name/description match the requested resources: curl plus HOME_ASSISTANT_URL and HOME_ASSISTANT_TOKEN are exactly what is needed to POST to /api/conversation/process. There are no unrelated binaries, extra cloud credentials, or unexpected config paths.
- Instruction Scope (note): Instructions are narrowly scoped to calling /api/conversation/process and explicitly forbid other HA endpoints and echoing the token. One minor operational note: SKILL.md suggests using curl -k to allow self-signed certificates (insecure TLS) — acceptable for local/self-signed setups but a security tradeoff the user should understand.
- Install Mechanism (ok): No install spec or remote downloads; this is an instruction-only skill that relies on an existing curl binary. That keeps the disk/write/execute risk minimal.
- Credentials (note): Only HOME_ASSISTANT_URL and HOME_ASSISTANT_TOKEN are required, which is proportionate. However, long-lived HA tokens are not limited to the Conversation API by design — the SKILL.md correctly calls this out and advises using a restricted, non-admin user. The token remains powerful if misused, so the guidance to restrict the user and to avoid trusted_networks bypass is important.
- Persistence & Privilege (ok): The skill does not request always:true and is user-invocable. It does not modify other skills or system-wide settings and does not request persistent installation privileges.
