ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Home Assistant Toolkit

v2.0.0

Home Assistant full management skill — control devices, create automations, monitor health, manage backups, update HACS, generate dashboards, all via SSH. Us...

0· 40·0 current·0 all-time
bymotionbeard@vitaliisergin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The scripts perform exactly the Home Assistant tasks the description claims (SSH + REST API access, config editing, backups, HACS updates, release-note fetching, integration scanning). However the registry metadata over-declares required items: the skill claims many env vars and even sshpass as 'required', while the runtime supports either REST (HA_URL + HA_TOKEN) or SSH (HA_HOST + SSH creds) modes. Requiring all credentials/binaries at install time is disproportionate — only one access method is needed in practice.
Instruction Scope
SKILL.md directs the agent to run the included scripts (absolute paths required) and to use either REST API or SSH. The instructions are specific about what is read/written (remote HA config paths, local references/* files) and include a first-run check. The scripts read/write config and backups on the remote HA instance as expected. They do not appear to exfiltrate data to third-party endpoints; network calls go to the user's HA instance or to public GitHub for release notes.
Install Mechanism
There is no install spec (instruction-only behavior), which reduces risk of arbitrary downloads. The skill ships executable scripts that will be run directly from the skill directory; no external install or archive download is performed by the skill itself.
!
Credentials
The declared required env vars list (HA_URL, HA_TOKEN, HA_HOST, HA_SSH_PORT, HA_SSH_USER, HA_SSH_PASS, HA_CONFIG_PATH) is more permissive than necessary: runtime code supports either REST (HA_URL + HA_TOKEN) or SSH (HA_HOST and related) and treats HA_SSH_PASS as optional. Marking HA_SSH_PASS and sshpass as required/in-anyBins is inconsistent and risky because sshpass exposes passwords on the process list. The skill's primary credential (HA_TOKEN) is appropriate, but storing a long-lived HA token in openclaw.json or env vars is sensitive — users should ensure the token has appropriate scope and is stored securely.
Persistence & Privilege
always: false and no modifications to other skills or global agent settings are requested. The skill writes generated references/ files into its own skill directory and operates on the remote HA instance only when authorized. Autonomous invocation is allowed (platform default) and not by itself flagged here.
What to consider before installing
This skill appears to implement the Home Assistant management features it advertises, but there are a few important things to consider before enabling it: - Credentials requested: You only need either REST access (HA_URL + HA_TOKEN) OR SSH access (HA_HOST + SSH user/key or password). The registry metadata unnecessarily lists both methods and even marks HA_SSH_PASS/sshpass as required; you do not have to provide a password if you use key-based SSH or the REST token. Prefer key-based SSH and prefer REST API + a limited long-lived token when possible. - Sensitive secret placement: HA_TOKEN (long-lived access token) will be stored in your environment or in ~/.openclaw/openclaw.json. Treat it like a password and store it securely. If using HA_SSH_PASS and sshpass, be aware that sshpass exposes the password in process listings (/proc/*/cmdline); avoid password auth if you can. - Metadata vs runtime mismatch: The skill's metadata over-declares required binaries (sshpass) and env vars. That is likely a packaging/configuration error, not necessarily malicious, but ask the publisher or review SKILL.md and scripts if you need assurance that you won't be forced to supply extra credentials. - Host key handling: The SSH wrapper uses StrictHostKeyChecking=accept-new (TOFU). That eases first-time connection but accepts new host keys automatically; for high-security setups you should pre-populate known_hosts and not accept automatic trust. - What it does on your systems: The scripts will read/write files under your HA config path, run HA CLI commands (backups, restores, restarts), and download public release notes from GitHub. The skill writes generated docs into its own references/ directory. There are no calls to unknown third-party endpoints in the scripts reviewed. - Review and test: Because this skill executes shell commands against your Home Assistant instance, review the scripts and test in a non-critical environment or take a backup before performing destructive operations (restores, apply dashboard, etc.). Run the provided check-setup.sh first (SKILL.md mandates it) and verify the outputs before allowing any operations. If you want to proceed: supply only the minimum credentials needed for your chosen access method (REST token or SSH key), avoid HA_SSH_PASS/sshpass, and keep backups of your HA config. If you need higher assurance, ask the skill publisher to correct the metadata so required env vars/binaries reflect the real, conditional requirements.

Like a lobster shell, security has layers — review code before you run it.

latestvk979ep1qykhbq824m9s3qkzejn847dst

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🏠 Clawdis
Binsssh, jq, curl, python3
Any binsshpass
EnvHA_URL, HA_TOKEN, HA_HOST, HA_SSH_PORT, HA_SSH_USER, HA_SSH_PASS, HA_CONFIG_PATH
Primary envHA_TOKEN

Comments