Back to skill
Skillv1.1.0
VirusTotal security
Home Assistant Agent (Secure) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:03 AM
- Hash
- 8795cbe1a2a7e0d5dbbfa57da11d22f25c558eb936e3662293176dd6daa08d77
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: home-assistant-agent-secure Version: 1.1.0 This skill is meticulously designed with a strong focus on security. The `SKILL.md` and `README.md` files contain explicit instructions for the AI agent to restrict its actions, such as only calling the `/api/conversation/process` endpoint, never echoing the `HOME_ASSISTANT_TOKEN`, and using a restricted Home Assistant user. It transparently warns about potential external vulnerabilities (e.g., Home Assistant's `trusted_networks` bypass) and advises on mitigation. While the `curl -k` flag is used, it's openly disclosed and justified for self-signed certificates, with advice to remove it if not needed. The instructions actively defend against prompt injection by setting strict boundaries for the agent's behavior, rather than attempting to induce malicious actions.
- External report
- View on VirusTotal