Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nest SDM

v1.0.0

Control Nest thermostat, doorbell, and cameras via the Google Smart Device Management (SDM) API.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (Nest SDM control and event forwarding) aligns with the included scripts and SKILL.md: OAuth tokens, SDM API calls, and Pub/Sub event handling are expected for this use case. Required binaries (curl, python3) are proportional. However, the registry metadata declares no required env vars while the scripts clearly read several environment variables and token files — this declaration mismatch is noteworthy.
Instruction Scope
SKILL.md and the scripts instruct the agent to read and write token files under ~/.openclaw/workspace, run OAuth exchanges, poll Google Pub/Sub, and forward events to Telegram. The nest-events.sh script additionally attempts to parse $HOME/.zshenv for TELEGRAM_* variables and falls back to invoking a local gcloud binary to obtain access tokens. Those actions expand scope beyond simple SDM API calls because they read arbitrary shell config and reuse any existing gcloud credentials on the host.
Install Mechanism
The skill ships no installer, so nothing is downloaded from the network at install time. Its shell scripts are bundled with the skill itself, so nothing is fetched or executed automatically beyond what those scripts do when you run them.
Credentials
The skill legitimately needs OAuth client_id/client_secret/refresh_token and (optionally) Pub/Sub tokens and a Telegram bot token to operate. However: the registry lists no required env vars while the scripts expect NEST_SDM_TOKENS, NEST_PUBSUB_TOKENS, TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, GCP_PROJECT and more. The script's behavior of scanning ~/.zshenv for TELEGRAM_* and using gcloud to fetch tokens can access unrelated secrets/credentials on the host — this is disproportionate unless explicitly documented and consented to.
Persistence & Privilege
The skill does not request always:true and does not modify other skill configs. It can be run as a daemon (listen), which is expected for event forwarding, and autonomous invocation is allowed by default (platform normal). No elevated system persistence or cross-skill configuration changes are requested by the code.
What to consider before installing
This skill appears to do what it says (control Nest and forward events), but the bundled scripts read and create token files and may pull credentials from places you might not expect (your ~/.zshenv and any local gcloud auth). Before installing or running:
1. Inspect the scripts and the token files they create, and avoid placing other secrets in ~/.openclaw/workspace or your shell rc files.
2. Create dedicated OAuth credentials and a dedicated GCP project with least-privilege scopes rather than reusing existing ones.
3. Don't store long-lived unrelated secrets in ~/.zshenv; the script will try to read it.
4. Run the scripts in an isolated environment (a container or a restricted user) and set TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID explicitly rather than relying on automatic discovery.
5. If you don't want event forwarding, don't run nest-events.sh, or remove its Telegram forwarding sections.
If you're unsure, test in a disposable account/project first.
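As an added example (not part of the Nest SDM skill and not ClawHub's scanner), the following POSIX shell script shows how a user could act on items 1, 3 and 4 before running any skill: it greps a skill directory's bundled scripts for the credential-discovery behaviours the scan report describes (sourcing shell rc files, invoking gcloud for tokens, touching ~/.openclaw/workspace) and returns a non-zero status so the check can gate an install step, then demonstrates a fail-closed alternative to automatic TELEGRAM_* discovery. The two scripts it audits are constructed stand-ins written by this example, not nest-events.sh; the regexes, labels and function names are assumptions, not anything taken from the skill.

```shell
#!/bin/sh
# Added example, not part of the Nest SDM skill or ClawHub's scanner.
# Audits a skill directory's shell scripts for the credential-discovery
# behaviours the scan report describes, then demonstrates a fail-closed
# alternative to automatic TELEGRAM_* discovery. Patterns are assumptions.

# scan_file FILE: print one line per matched behaviour; return 1 if any matched.
scan_file() {
  file=$1
  name=$(basename "$file")
  hits=0
  # Each entry is 'label|extended-regex'; the regex may itself contain '|'.
  for entry in \
    'reads shell rc/env files|\.(zshenv|zshrc|bashrc|bash_profile|profile)' \
    'reuses local gcloud credentials|gcloud[[:space:]]+auth' \
    'reads or writes ~/.openclaw/workspace token files|\.openclaw/workspace'
  do
    label=${entry%%|*}     # text before the first '|'
    pattern=${entry#*|}    # everything after the first '|'
    if grep -Eq "$pattern" "$file"; then
      printf '%s: %s\n' "$name" "$label"
      hits=1
    fi
  done
  return $hits
}

# audit_skill_scripts DIR: scan every *.sh in DIR; return 1 if anything matched,
# so the call can gate an install or run step.
audit_skill_scripts() {
  dir=$1
  found=0
  for f in "$dir"/*.sh; do
    [ -f "$f" ] || continue
    scan_file "$f" || found=1
  done
  return $found
}

# require_env NAME...: fail closed when a required variable is unset or empty,
# instead of hunting for it in ~/.zshenv or reusing gcloud credentials.
require_env() {
  missing=0
  for v in "$@"; do
    eval "val=\${$v:-}"
    if [ -z "$val" ]; then
      printf 'missing required env var: %s\n' "$v" >&2
      missing=1
    fi
  done
  return $missing
}

# make_sample_skill DIR: write two constructed stand-in scripts (NOT the skill's
# real nest-events.sh) that mimic the behaviours the scan describes.
make_sample_skill() {
  mkdir -p "$1"
  cat > "$1/events.sh" <<'EOF'
#!/bin/sh
# constructed sample: sources the user's zsh env and falls back to gcloud
[ -f "$HOME/.zshenv" ] && . "$HOME/.zshenv"
TOKEN=$(cat ~/.openclaw/workspace/nest-tokens.json 2>/dev/null)
[ -z "$TOKEN" ] && TOKEN=$(gcloud auth print-access-token)
EOF
  cat > "$1/clean.sh" <<'EOF'
#!/bin/sh
# constructed sample: insists on explicit configuration
: "${NEST_SDM_TOKENS:?set NEST_SDM_TOKENS explicitly}"
EOF
}

# Demo: audit the constructed skill, then show the fail-closed env check.
demo_dir=$(mktemp -d)
make_sample_skill "$demo_dir"
if audit_skill_scripts "$demo_dir"; then
  echo "no credential-discovery patterns; safe to proceed"
else
  echo "review the findings above before running this skill"
fi
if require_env TELEGRAM_BOT_TOKEN TELEGRAM_CHAT_ID; then
  echo "telegram forwarding configured explicitly"
fi
rm -rf "$demo_dir"
```

Run it against a real skill with `audit_skill_scripts ~/.openclaw/skills/<name>` and treat a non-zero exit as "read the scripts first"; the grep patterns are deliberately broad, so expect some benign matches and widen the list as you learn a platform's conventions. The `require_env` guard is the shape a hardened nest-events.sh could take in place of parsing ~/.zshenv: refuse to start until the operator sets the variables explicitly.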


latest: vk97d9v5n27gvkw6wp7nt885nhd81bp8b


Runtime requirements

🏠 Clawdis
Bins: curl, python3
