Trust Assessment
home-assistant received a trust score of 66/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 1 medium, and 0 low severity. Key findings, in severity order: Command Injection via unquoted user input in shell commands (critical) and Sensitive environment variable access: $HOME (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection via unquoted user input in shell commands. The `scripts/ha.sh` script interpolates user-provided arguments directly into `curl` commands without sanitisation or quoting: the `-d` (data) argument and parts of the URL path are built by concatenating shell variables, so crafted input can inject extra `curl` arguments or, where the result is re-evaluated by the shell, arbitrary commands. In the `call` command the `$data` argument is appended to the `curl` command as-is; `on`, `off`, `toggle`, `scene`, `script`, `automation` and `climate` build JSON payloads by interpolating user input into a double-quoted string passed to `-d`, so the value can break out of the JSON string. Caveat when triaging: expansion inside a double-quoted string does not by itself execute shell code; the directly demonstrable impact is JSON injection, plus argument injection (extra `curl` flags such as `-o` or `--upload-file`) wherever `$data` is expanded unquoted. Confirm against `scripts/ha.sh:124` whether the command is passed through `eval` before treating it as remote code execution. Fix: never interpolate untrusted input into shell commands. Build JSON payloads with `jq` (`--arg` escapes values) and pass the result to `curl` on stdin (`jq ... | curl -d @- ...`); for the `call` command, validate and re-serialise `$data` with `jq` before use; URL-encode or allow-list path components that can contain special characters. | LLM | scripts/ha.sh:124 |
| MEDIUM | Sensitive environment variable access: $HOME. The script reads `$HOME` in a shell context. Verify the access is necessary and that the value is not exfiltrated. On its own `$HOME` is rarely secret; the practical question is whether the script reads credentials (for example a token file) from under it and where that value is then sent. | Static | skills/snail3d/clawd/skills/home-assistant/scripts/ha.sh:7 |
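The pattern behind the critical finding, as an added example written for this report rather than taken from the skill's own `scripts/ha.sh`: the unsafe interpolation next to the `jq`-built payload the finding recommends. `HA_URL`, `HA_TOKEN`, the `/api/services/<domain>/<service>` path and the allowed character sets in the validators are assumptions, not facts about the skill; the shell functions themselves only build argv and JSON, so everything except the final `curl` call runs offline.

```sh
#!/bin/sh
# Added example (not the home-assistant skill's own scripts/ha.sh): the
# unsafe pattern the finding describes next to the recommended fix.
# Assumed names: HA_URL, HA_TOKEN, and the Home Assistant REST path
# /api/services/<domain>/<service>. Plain POSIX sh; jq is required only
# by safe_payload and canonical_json.

# UNSAFE: user input spliced into a JSON literal. A value such as
#   light.x", "brightness": 255, "z": "
# rewrites the document instead of being a plain string value.
unsafe_payload() {
    printf '{"entity_id": "%s"}' "$1"
}

# SAFE: jq serialises the value as a JSON string (quotes, backslashes
# and control characters escaped), so it can only ever be a value.
safe_payload() {
    jq -cn --arg id "$1" '{entity_id: $id}'
}

# For free-form JSON from the user (the `call` command): parse and
# re-serialise with jq. Invalid JSON makes jq exit non-zero, so nothing
# but a well-formed document ever reaches curl.
canonical_json() {
    printf '%s' "$1" | jq -ce .
}

# The argument-injection half of the finding: an unquoted $data splits on
# whitespace, so "-d x -o /tmp/pwned" becomes four argv words and curl
# sees an extra -o flag. Quoted, it stays one word.
unquoted_words() { set -- $1; echo "$#"; }
quoted_words()   { set -- "$1"; echo "$#"; }

# Defence in depth for path components and entity ids. Home Assistant
# entity ids look like "<domain>.<object_id>"; the character set allowed
# here (lowercase, digits, underscore, exactly one dot) is an assumption
# to adjust for your install. case patterns match the whole value, so
# embedded newlines and quotes are rejected too.
validate_slug() {
    case "$1" in
        ''|*[!a-z0-9_]*) return 1 ;;
    esac
    return 0
}

validate_entity_id() {
    case "$1" in
        ''|.*|*.|*.*.*) return 1 ;;   # empty, missing domain or object, two dots
        *[!a-z0-9_.]*)  return 1 ;;   # any character outside the allowed set
        *.*)            return 0 ;;
        *)              return 1 ;;   # no dot at all
    esac
}

# Hardened service call: every input validated, body built by jq and
# handed to curl on stdin (-d @-), every expansion quoted.
ha_call_service() {
    domain="$1"; service="$2"; entity="$3"
    validate_slug "$domain" && validate_slug "$service" \
        && validate_entity_id "$entity" || {
        echo "rejected input: $domain/$service $entity" >&2
        return 1
    }
    safe_payload "$entity" | curl -sS --fail \
        -H "Authorization: Bearer ${HA_TOKEN}" \
        -H "Content-Type: application/json" \
        -d @- "${HA_URL}/api/services/${domain}/${service}"
}

# Usage (nothing runs when this file is merely sourced):
#   HA_URL=http://homeassistant.local:8123 HA_TOKEN=... \
#     sh -c '. ./ha_safe.sh; ha_call_service light turn_on light.kitchen'
```

`unquoted_words` and `quoted_words` exist only to make the word-splitting visible: the same string yields four argv entries unquoted and one quoted, which is exactly how an attacker turns a payload into extra `curl` flags. Note that `safe_payload` alone does not stop a caller from expanding the result unquoted later; the fix is the combination of `jq` for serialisation, `-d @-` so the body never passes through the command line, and quoting every remaining expansion.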
Full report: https://skillshield.io/report/9e59b3ac1ef3743c (Powered by SkillShield)