Security Audit

home-assistant

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

home-assistant received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Direct shell command injection in 'call' command via unsanitized data argument, Unsanitized user input in JSON payloads leads to API manipulation.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

93%

Dependency Graph

100%

LLM Behavioral Safety

55%

Behavioral Risk Signals

Network Access

2 findings

Shell Execution

3 findings

Dynamic Code

2 findings

Excessive Permissions

1 finding

Security Findings3

Severity	Finding	Layer	Location
CRITICAL	Direct shell command injection in 'call' command via unsanitized data argument The `call` command in `scripts/ha.sh` directly embeds the user-provided `$data` argument into the `curl -d "$data"` parameter. If `$data` contains shell metacharacters (e.g., `$(command)`, `;`, `\|`, `&`), these will be executed by the shell before `curl` is invoked. Furthermore, if `$data` contains double quotes or backslashes, it can break out of the quoted string and inject arbitrary `curl` arguments, potentially leading to further command injection (e.g., by adding `--output /dev/null; evil_command #`). This allows an attacker to execute arbitrary commands on the system running the skill. Use `curl`'s `--data-binary` or `--data-raw` option instead of `-d` to prevent shell interpretation of the `$data` argument. This ensures the data is passed literally to `curl`. Example: `api -X POST "$HA_URL/api/services/$domain/$service" --data-binary "$data"`	LLM	scripts/ha.sh:128
HIGH	Unsanitized user input in JSON payloads leads to API manipulation Multiple commands (`on`, `off`, `toggle`, `scene`, `script`, `automation`, `climate`) in `scripts/ha.sh` construct JSON payloads by directly embedding user-provided arguments (`entity`, `brightness`, `scene`, `script`, `auto`, `temp`) without proper escaping. An attacker can inject double quotes or backslashes into these arguments to break out of the JSON string, manipulate the API request (e.g., change `entity_id`, add/modify parameters), or potentially inject arbitrary `curl` arguments. This allows for unintended control over Home Assistant devices and services. Escape user-provided variables (`$entity`, `$brightness`, etc.) before embedding them into JSON strings. Using `jq -n --arg key "$value" '{$key: $value}'` to construct JSON payloads is a robust way to prevent injection. Alternatively, manually escape double quotes and backslashes.	LLM	scripts/ha.sh:45
MEDIUM	Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated.	Static	skills/snail3d/clawforgod/skills/home-assistant/scripts/ha.sh:7

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/bdcd8cae948f6360.svg)](https://skillshield.io/report/bdcd8cae948f6360)