Tasmota
v0.1.0Discover, monitor, and control Tasmota smart home devices on local networks. Use when tasks involve finding Tasmota devices via network scanning, checking device status and power states, controlling devices (on-off, brightness, color), managing device inventory, or any other Tasmota management operations on ESP8266 or ESP32 devices running Tasmota firmware.
⭐ 0· 969·2 current·2 all-time
byWilliam Mantly@wmantly
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description align with the included scripts: discovery, control, and status collection via HTTP to local IPs. Minor inconsistencies: the status script expects the control script at Path.home()/.openclaw/workspace/scripts/tasmota-control.py (not the included relative scripts/ path) and discovery has a SUBNET constant but actually derives the subnet from the host IP — these are implementation quirks but not evidence of malicious intent.
Instruction Scope
Instructions direct the agent to perform a ping sweep and HTTP requests against hosts on the local subnet and to read a CSV inventory from the user's home (.openclaw/workspace/memory/tasmota-inventory.csv). That behavior is consistent with the stated purpose, but the status script hard-codes reading from a workspace path and spawns a local 'python3' subprocess pointing to a workspace path (which may not exist), so the script will access files under the user's home directory and execute local commands.
Install Mechanism
There is no install spec (instruction-only with included Python scripts). Nothing is downloaded from external URLs or extracted. Risk is limited to running the provided scripts on the host.
Credentials
The skill declares no required environment variables or credentials and the code does not attempt to read secrets. It does access Path.home() and expects to find an inventory CSV under .openclaw/workspace; this is proportional to its inventory/status functionality but is a file-system access the user should be aware of. The scripts also rely on system utilities (ping, python3) although no binaries were declared.
Persistence & Privilege
The skill does not request permanent presence (always is false), does not modify other skills or system-wide configuration, and does not persist credentials. It reads an inventory file and suggests saving scan output, but it will not write to system locations by itself.
Assessment
This skill appears coherent for discovering and controlling Tasmota devices, but review a few practical points before use: (1) The discovery script performs an active ping sweep and HTTP requests across your local /24 — run it only on networks you control and during maintenance windows if needed. (2) The status script expects an inventory CSV and a control script under ~/.openclaw/workspace; verify or adjust these paths before running so it doesn't fail or use unexpected files. (3) The scripts call local binaries (ping and python3) and execute subprocesses — ensure you run them in a safe environment and inspect the included Python files (they are provided) to confirm behavior. (4) Because the source is 'unknown', prefer running the scripts in an isolated agent or container initially and/or audit the files line-by-line if you need stronger assurance.Like a lobster shell, security has layers — review code before you run it.
latestvk973bms2n5q07d2kef9d0ata4x810h5p
License
MIT-0
Free to use, modify, and redistribute. No attribution required.