Nest SDM
Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its Nest-control purpose, but it asks for high-impact Google/Nest privileges, can change physical devices, forwards home events to Telegram, and has unsafe shell/Python data handling.
Install only if you are comfortable giving the skill access to your Nest devices and related Google Cloud project. Before use, restrict OAuth scopes where possible, avoid the raw API command unless you know exactly what it will do, review the Telegram forwarding behavior, and consider fixing the unsafe python3 -c interpolation patterns.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked incorrectly or too broadly, the agent could change thermostat modes, fan settings, or other supported device state without a clear safety boundary.
The skill exposes a raw API command path that can send arbitrary SDM executeCommand calls to Nest devices, in addition to high-level thermostat commands.
nest api POST devices/<DEVICE_ID>:executeCommand '{"command":"...","params":{...}}'
Require explicit user confirmation for all write actions, disable or restrict the raw API escape hatch by default, and document which commands are safe for autonomous use.

The skill may receive authority over parts of the user's Google Cloud project, not just Nest devices.
The setup asks for broad Google Cloud OAuth scopes and persistent tokens for Pub/Sub/GCP operations, which exceeds simple Nest device reads and writes.
OAuth with Pub/Sub scope — Run OAuth flow as your-email@example.com with `pubsub` + `cloud-platform` scopes. Save tokens to `.nest-pubsub-tokens.json`.
Use the narrowest possible Pub/Sub scope, avoid cloud-platform unless strictly required, clearly declare credentials in metadata, and explain exactly what project resources the skill can create or modify.

The skill could act with whatever Google Cloud permissions are available in the user's local gcloud session.
If the Pub/Sub token file is missing or refresh fails, the script falls back to an existing local gcloud login, using a high-impact local account credential source.
local GCLOUD="${HOME}/.local/google-cloud-sdk/bin/gcloud"
token=$("$GCLOUD" auth print-access-token 2>/dev/null)
Do not silently fall back to gcloud credentials; require explicit user opt-in and document the exact account and project permissions used.

Home/security event information can be sent to a third-party messaging service and stored outside the Nest/Google account boundary.
The event listener can forward Nest doorbell, motion, person, sound, and thermostat alerts to Telegram using bot credentials.
curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage"
Make Telegram forwarding opt-in, clearly disclose it in setup/metadata, avoid reading credentials from shell startup files automatically, and explain what event data is sent.

A malicious or malformed event payload could potentially run commands on the user's machine under the skill's permissions.
Event data is interpolated directly into a python3 -c source string. Crafted event content containing Python string delimiters could break out of the string and execute local code.
event = json.loads('''${event_json}''')
Pass event JSON through stdin, argv, or environment variables instead of embedding it into Python source; apply the same fix anywhere shell variables are inserted into python3 -c code.

When started, the listener can continue polling and sending alerts until stopped.
The skill documents a long-running listener mode for real-time events.
nest-events listen # Poll continuously (daemon)
Run listener mode only when needed, keep it in a visible terminal or managed service, and document how to stop it and where logs/tokens are stored.
