Emporia Energy
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to be a transparent, read-only Emporia energy-query integration, with expected credential use and a minor dependency-pinning caution.
This looks safe to install if you are comfortable giving it Emporia or ESPHome credentials for read-only energy queries. Keep secrets out of chat, prefer environment/config storage, run `list` first to verify channels, and consider pinning the ESPHome dependency for reproducible installs.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured, the skill can access energy usage and circuit/channel information from the user's Emporia account or local ESPHome device.
The skill needs Emporia account credentials or ESPHome API credentials to read energy data. This is disclosed and purpose-aligned, but those credentials are sensitive and should be protected.
Cloud mode - `EMPORIA_EMAIL` - `EMPORIA_PASSWORD` ... - `ESPHOME_API_KEY` (Noise PSK, base64) or `ESPHOME_PASSWORD` (legacy)
Store credentials in environment/config rather than chat, use the least-privileged account or key available, and rotate credentials if they are exposed.
A future dependency release could change behavior or compatibility compared with the version originally tested.
ESPHome mode installs a dependency with a lower-bound version rather than an exact pin, so future installs may resolve to newer package versions. The install is user-directed and relevant to the skill's purpose.
aioesphomeapi>=18.0.0
For more reproducible installs, pin an exact aioesphomeapi version or use a lockfile before enabling ESPHome mode.