Is hogar23/home-assistant-control safe?

https://github.com/openclaw/skills/tree/main/skills/hogar23/home-assistant-control

96
SAFE

This is a legitimate Home Assistant control skill that provides API integration for home automation devices. The skill includes appropriate safety measures and documentation, with no evidence of malicious intent.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

LOW Contains executable shell scripts -10

The skill includes multiple bash scripts for Home Assistant API interaction. While these appear legitimate and well-documented, they represent executable code that could potentially be modified or misused.

INFO Environment file reading capability -5

The ha_env.sh script can read external files when HA_ENV_FILE is set, but restricts exports to specific Home Assistant-related environment variables only.

INFO IoT device control capabilities -10

As a Home Assistant integration, this skill can control physical devices including locks, alarms, and other home automation equipment, which carries inherent security implications if misused.