Trust Assessment
claw-hass received a trust score of 21/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 1 high, 2 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Missing required field: name, Unpinned npm dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Network egress to untrusted endpoints.** HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/kordup/claw-hass/build/util/config.js:4 |
| CRITICAL | **Excessive Permissions via Unrestricted Home Assistant Service Calls.** The `ha:run_action` tool allows the AI agent (and by extension, the user) to specify arbitrary `serviceId` and `actionId` parameters, along with arbitrary JSON `data`. These inputs are directly used to invoke Home Assistant services via `client.runSequence`, which sends an `execute_script` message to Home Assistant. This grants excessive permissions, as the tool can call any Home Assistant service that the configured `accessToken` has access to, potentially including administrative actions (e.g., `homeassistant.restart`, `hassio.addon_start`, `config.save`) or services that expose sensitive information, far exceeding the implied scope of 'Control Home Assistant devices'. This broad access creates a significant attack surface for malicious actors to manipulate the Home Assistant instance. (1) **Restrict Service Access**: Implement a strict whitelist of allowed `serviceId` and `actionId` combinations that align with the skill's intended functionality (e.g., only device control services). This whitelist should be configurable and enforced before invoking Home Assistant services. (2) **Input Validation**: Beyond basic JSON parsing, validate the structure and content of the `data` parameter against expected schemas for each whitelisted service to prevent unexpected or malicious inputs. (3) **Principle of Least Privilege**: Ensure the Home Assistant `accessToken` used by the skill has only the minimum necessary permissions required to perform its intended functions, thereby limiting the potential impact of any exploit. | LLM | build/index.js:60 |
| HIGH | **Unpinned Dependencies in package.json.** Several dependencies in `package.json` use caret (`^`) version ranges (e.g., `@toon-format/toon: ^2.1.0`, `home-assistant-js-websocket: ^9.6.0`, `json-schema: ^0.4.0`). While `package-lock.json` pins the versions at the time of installation, these ranges allow `npm install` to pull in newer minor or patch versions without explicit review if the `package-lock.json` file is missing or ignored. This introduces a supply chain risk, as a malicious update to one of these dependencies could be automatically incorporated into the skill, potentially introducing vulnerabilities or backdoors. Pin all dependencies to exact versions (e.g., `"2.1.0"` instead of `"^2.1.0"`). Regularly audit and update dependencies to ensure security patches are applied and no new vulnerabilities are introduced, performing manual review for major version changes. | LLM | package.json:15 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/kordup/claw-hass/SKILL.md:1 |
| MEDIUM | **Unpinned npm dependency version.** Dependency '@toon-format/toon' is not pinned to an exact version ('^2.1.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/kordup/claw-hass/package.json |