py-homeassistant-cli

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is a disclosed Home Assistant CLI, but it can read and control smart-home devices, including security-related ones, through your Home Assistant token.

Install this only if you want the agent to read and control your Home Assistant instance. Keep the Home Assistant token secret, prefer environment or secret storage over passing the token on the command line, use HTTPS or a trusted local network, and insist on confirmation before the agent operates locks, alarms, or garage doors/gates, disables automations, or makes generic service calls.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

The agent could change real-world device state, including locks, alarms, covers, automations, or other Home Assistant services.

Why it was flagged

The skill exposes direct control over Home Assistant devices and a generic service-call escape hatch. This is disclosed and purpose-aligned, but it can affect physical/security devices if used carelessly.

Skill content
lock <lock|unlock> <entity_id> ... alarm <arm_home|disarm> <entity_id> ... service <domain> <service> --data '{"entity_id": "light.living_room"}'
Recommendation

Require explicit user confirmation for security, safety, or broad generic service actions, and prefer specific commands over the generic service call when possible.

ASI03: Identity and Privilege Abuse
Medium
What this means

Anyone who obtains the token may be able to read Home Assistant state or control devices using the same permissions.

Why it was flagged

The skill requires a Home Assistant long-lived access token, which is expected for the API but may grant broad read/control permissions.

Skill content
Get a long-lived access token from Home Assistant ... export HA_TOKEN="your_long_lived_access_token" ... --token YOUR_TOKEN
Recommendation

Store HA_TOKEN securely, avoid exposing it in shell history or process lists when possible, rotate it if exposed, and use the least-privileged Home Assistant account/token available.

ASI06: Memory and Context Poisoning
Low
What this means

Private home activity, location, and schedule information could be displayed to the agent or included in later conversation context.

Why it was flagged

The skill can retrieve sensitive household context such as presence, location, calendar events, history, and logbook data. No persistence is shown, but the data may enter the agent conversation.

Skill content
presence [--trackers] ... calendar events <entity_id> ... history <entity_id> ... logbook ... tesla location  # GPS coordinates, heading, speed
Recommendation

Request only the specific Home Assistant data needed for the task and avoid sharing sensitive outputs beyond trusted conversations.