← Back to Scanner

home-assistant Security Audit Report

🔭 Continuously monitored by ClawSecure Watchtower
Source:
SHA-256:

home-assistant is an AI agent skill, created by iahmadzain and published at openclaw/skills. ClawSecure audited home-assistant across 4 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 0/100 (High Risk). The 11 findings concentrate in Command Injection, Transitive Trust Abuse and Policy Violation, including Detects command injection patterns in agent skills: shell operators,... and Detects command injection patterns in agent skills: shell operators,.... 6 were rated high or critical severity.

Is home-assistant safe?

ClawSecure audited home-assistant and assigned a security score of 0/100 (High Risk), identifying 11 findings across Command Injection and Transitive Trust Abuse. Review the findings below before installing.

What did ClawSecure find in home-assistant?

ClawSecure identified 11 findings in home-assistant, concentrated in Command Injection, Transitive Trust Abuse and Policy Violation. 6 were rated high or critical severity. The most severe include Detects command injection patterns in agent skills: shell operators,... and Detects command injection patterns in agent skills: shell operators,....

How was home-assistant audited?

ClawSecure ran home-assistant through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 4 files from openclaw/skills.

What does a score of 0 mean?

ClawSecure assigned home-assistant a security score of 0/100, placing it in the High Risk range. This is driven by 11 findings led by Command Injection that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).

Audit Findings for home-assistant

ClawSecure detected 11 security findings in home-assistant, spanning Command Injection, Transitive Trust Abuse, Policy Violation and Permissions Manifest.

Each finding is expandable in the interactive list below.

3-Layer Audit Protocol

Security Recommendations for home-assistant

Harden command execution
home-assistant constructs or runs system commands. Validate that commands are built only from trusted inputs, never pass user-controlled strings directly to a shell, and restrict execution to an allow-list of expected commands.
Resolve policy violations
home-assistant trips ClawSecure policy checks. Review each flagged pattern against your security policy and remediate or document an accepted exception before production use.
Add a config.json permissions manifest
A config.json file declares what an agent component can access: file system, network, shell execution and more. Without it, users have no visibility into what the component can do before installing. This is the single most impactful security improvement for any AI agent skill.

Related Security Research

Why Generic Scanners Fail at AI Agent SecurityUnderstanding Our 3-Layer Audit Protocol

Related AI Agent Security Audits

invassistantScore 0/100invassistantScore 0/100probe-10-curl-pipeScore 15/100clip-itScore 0/100clickup-skillScore 0/100

Scanned on February 7, 2026. home-assistant is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.

Start Your Free Scan