Is joeynyc/govee-lights safe?

https://github.com/openclaw/skills/tree/main/skills/joeynyc/govee-lights

92
SAFE

This skill provides legitimate integration with Govee smart lights through their official API. The code is clean and well documented, with no malicious functionality detected. The skill operates exactly as advertised, controlling smart lights through standard API calls.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (4)

MEDIUM API Key Environment Variable Access -10

The skill requires access to the GOVEE_API_KEY environment variable to function, which represents credential access.

LOW External API Communication -15

The skill makes HTTP requests to external Govee API endpoints, which is expected but represents external communication.

LOW Third-party Integration Requirements -5

The skill requires setup with external service credentials and network access to function properly.

INFO Smart Home Device Control -15

The skill controls physical smart home devices, which could have security implications if misused, but this is within the stated scope.