ClawHub

agentpass

v1.0.0

Control Home Assistant devices through the agentpass security gateway. Use when the user asks to control lights, switches, sensors, climate, or any smart hom...

0· 41·0 current·0 all-time
by@torbenwetter
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binaries (agentpass), and required env vars (AGENTPASS_URL, AGENT_TOKEN) align with a gateway-based Home Assistant control client. The requested artifacts are what you'd expect for a CLI that forwards requests to a remote gateway.
Instruction Scope
SKILL.md only instructs using the agentpass CLI to list tools, query states, or submit requests that may block for human Telegram approval. It does not ask the agent to read unrelated files, environment variables, or system state. Note: the skill requires the agent to block and wait up to 15 minutes for approvals instead of prompting the user to manually check Telegram.
Install Mechanism
Install metadata uses a 'uv' package entry to create the agentpass binary. This is not a direct URL download (lower risk), but 'uv' is an uncommon installer in this metadata — verify that the package source is the official project (e.g., the GitHub repo listed) before installing.
Credentials
Only AGENTPASS_URL and AGENT_TOKEN are required, which is proportionate for a remote gateway client. No unrelated secrets, system config paths, or extra credentials are requested.
Persistence & Privilege
always is false and the skill is user-invocable with normal autonomous invocation allowed. The skill does not request persistent platform-wide privileges or access to other skills' configs in the provided instructions.
Assessment
This skill appears coherent, but before installing: 1) Verify the agentpass CLI binary/package comes from the official project (inspect the GitHub releases or source) rather than an untrusted registry; 2) Limit the AGENT_TOKEN permissions to only what's needed and rotate/revoke if unsure; 3) Confirm the AGENTPASS_URL points to your intended gateway and that the human-guardian Telegram account is trusted; 4) Be aware requests may block the agent for up to 15 minutes while awaiting human approval; 5) If you need stronger assurance, run the agentpass binary in an isolated environment and review network traffic to confirm it only communicates with the declared gateway.

Like a lobster shell, security has layers — review code before you run it.

latestvk97741sxn8msxyyc8w0pcaeyjs841cdx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔐 Clawdis
OSLinux · macOS
Binsagentpass
EnvAGENTPASS_URL, AGENT_TOKEN

Install

Install agentpass CLI
Bins: agentpass
uv tool install agentpass

Comments