py-homeassistant-cli

v1.0.10

Tiny and short Python CLI tool to control Home Assistant devices and automations via the REST API. No external dependencies — uses only Python 3.6+ standard...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name, description, SKILL.md, README, and the included script all align: this is a Home Assistant CLI that talks to a user-provided Home Assistant REST API. The only mismatch is registry-level metadata that reported 'Required env vars: none' while the SKILL.md and the script clearly use HA_URL and HA_TOKEN.
Instruction Scope
Runtime instructions and the script confine actions to the Home Assistant REST API (server provided by HA_URL/--server). The SKILL.md explicitly asks for user confirmation before sensitive actions (locks, alarms, garage doors). The instructions do not ask to read unrelated files or contact external endpoints outside the configured HA server.
Install Mechanism
There is no install spec and no network downloads; the skill is instruction-only plus a bundled Python script. No external packages or arbitrary URLs are fetched during install.
Credentials
The script legitimately needs HA_URL and HA_TOKEN (long‑lived access token) — these are proportionate to its functionality. However, the registry metadata omitted those required env vars, which is an inconsistency users should be aware of. HA_TOKEN is sensitive: provide a token with minimal privileges and avoid sharing broadly.
Persistence & Privilege
The skill does not request always:true or any elevated persistence. It runs locally and only performs network calls to the configured HA server. Autonomous invocation is allowed (platform default) but is not combined with other concerning privileges.
Assessment
This skill is coherent for controlling Home Assistant and includes its source code so you can review it. Note the registry metadata omitted required env vars — you will need to provide HA_URL and a long‑lived HA_TOKEN (sensitive). Before installing: (1) create a dedicated long‑lived token with minimal scope for this CLI, (2) ensure HA_URL points to your trusted Home Assistant instance (prefer a private network address or HTTPS endpoint), (3) verify the confirmation prompts for sensitive actions are respected in your agent workflow, and (4) review the bundled script if you have any policy that forbids network calls from skills. If you want stricter limits, do not give this skill a token that can control locks, alarms, or garage doors.


latestvk979zwxh5wmt28tc1fgw90ckns8311f3


Runtime requirements

Environment variables
HA_URL (required)
HA_TOKEN (required)
