← Back to Skills Marketplace
hogar23

Home Assistant Control

by Hogar23 · GitHub ↗ · v1.0.3
cross-platform ✓ Security Clean
903
Downloads
0
Stars
2
Active Installs
5
Versions
Install in OpenClaw
/install home-assistant-control
Description
Control and inspect Home Assistant via REST API for entities, states, services, scenes, scripts, and automations. Use when the user asks to turn devices on/o...
README (SKILL.md)

Home Assistant Control

Use Home Assistant REST API with a long-lived access token.

Requirements

For skill users (runtime)

  • bash
  • curl
  • jq
  • Home Assistant long-lived token (HA_TOKEN)
  • Home Assistant public base URL (HA_URL_PUBLIC)

For skill maintainers (packaging/validation)

  • python3
  • pyyaml (required by skill-creator validator/packager scripts)

Required environment variables

  • HA_TOKEN (required)
  • HA_URL_PUBLIC (required; canonical target and fallback)
  • Optional URL behavior:
    • if HA_URL_LOCAL is set (and no HA_URL override), local is tried first, then fallback to HA_URL_PUBLIC
    • HA_URL is an explicit override (if set, used directly)

Secrets handling (publish-safe)

  • Keep keys/URLs in an external file, not in the skill folder.
  • Set HA_ENV_FILE=/absolute/path/to/file.env when you want file-based secret loading.
  • If HA_ENV_FILE is not set, scripts only use environment variables already present in the shell.
  • scripts/ha_call.sh and scripts/self_check.sh load env file only when HA_ENV_FILE is provided.

Core workflow

  1. Parse the user request into target entity/service + desired action.
  2. Check references/naming-context.md for manual alias mappings first.
  3. Verify entity exists before changing state.
  4. Execute service call.
  5. Re-check state and report outcome clearly.

Useful endpoints

  • List states: GET /api/states
  • Single state: GET /api/states/{entity_id}
  • Call service: POST /api/services/{domain}/{service}

Headers:

  • Authorization: Bearer $HA_TOKEN
  • Content-Type: application/json

Scripts

  • scripts/ha_env.sh — loads env file only when HA_ENV_FILE is explicitly set, using safe KEY=VALUE parsing (no source/eval).
  • scripts/ha_call.sh — generic API caller for Home Assistant.
  • scripts/fill_entities_md.sh — generate references/entities.md from GET /api/states.
    • Full map: ./scripts/fill_entities_md.sh
    • Filter domains: ./scripts/fill_entities_md.sh --domains light,switch,climate,sensor
  • scripts/save_naming_context.sh — refresh references/naming-context.md for user-specific naming.
    • ./scripts/save_naming_context.sh
  • scripts/ha_entity_find.sh — search entities by partial entity id or friendly name.
    • ./scripts/ha_entity_find.sh kitchen
    • ./scripts/ha_entity_find.sh temp --domains sensor,climate --limit 30
  • scripts/ha_safe_action.sh — execute service actions with safety checks and risk confirmation.
    • ./scripts/ha_safe_action.sh light turn_on light.kitchen '{"brightness_pct":60}'
    • ./scripts/ha_safe_action.sh lock unlock lock.front_door --dry-run
    • Add --yes to bypass interactive confirmation for risky domains.
  • scripts/self_check.sh — verify prerequisites and API connectivity/auth before running actions.
    • ./scripts/self_check.sh

Safety

  • Confirm before high-impact actions (locks, alarms, garage/doors, heating shutdown).
  • Do not print raw token values.
  • If target entity is ambiguous, ask a follow-up question.
  • Keep API paths scoped to Home Assistant endpoints only (/api/...).
  • Use only HTTP(S) Home Assistant base URLs (HA_URL*), prefer HTTPS for public access.
  • Avoid code execution when loading env files: parse key/value pairs, do not use source on untrusted paths.

Reference files

  • references/entities.md — entity inventory
  • references/naming-context.md — user alias memory for natural names (e.g. "living room light")

Publishing notes

  • Keep examples generic (example_* IDs), no personal hostnames/tokens.
  • Do not commit .env or any private env file with real tokens.
  • Keep the skill focused: API workflow + reusable scripts + entity reference.
Usage Guidance
This skill appears to do exactly what it says: call Home Assistant's REST API and provide helper scripts. Before installing, ensure you trust the skill source and the GitHub repo, and keep in mind that HA_TOKEN is powerful — anyone with it can control devices. Store HA_TOKEN in a private file with strict permissions (the skill supports an HA_ENV_FILE), prefer HTTPS HA_URL_PUBLIC for remote access, and review the scripts yourself if you want to be extra cautious. Run scripts/self_check.sh first to validate connectivity and environment. If you need least-privilege access, consider creating a token with limited permissions in Home Assistant rather than using a full-administration token.
Capability Analysis
Type: OpenClaw Skill Name: home-assistant-control Version: 1.0.3 The skill bundle is benign. It demonstrates robust security practices, particularly in `scripts/ha_env.sh` which safely parses environment files by allowlisting keys and avoiding `source`/`eval` for untrusted paths. `scripts/ha_call.sh` and `scripts/ha_safe_action.sh` implement strict input validation, URL scheme checks, API path scoping, and use `jq --arg` for safe JSON payload construction, mitigating shell and JSON injection risks. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts in the documentation (`SKILL.md`, `README.md`).
Capability Assessment
Purpose & Capability
Name/description match the requested binaries and environment variables: bash, curl, jq and HA_TOKEN/HA_URL_* are exactly what a Home Assistant REST wrapper needs. Scripts operate against /api/... endpoints and provide entity discovery, safe action execution, and reference generation — all coherent with the stated purpose.
Instruction Scope
SKILL.md and the scripts confine their actions to Home Assistant API calls and local reference files. They validate paths begin with /api/, avoid arbitrary shell eval when loading env files, confirm entities before acting, and require explicit user confirmation for risky domains. No instructions ask the agent to read unrelated system files or send data to endpoints outside the configured HA base URL.
Install Mechanism
There is no install spec (instruction-only packaging). The repo includes shell scripts only; no external downloads or package installs are performed by the skill itself, minimizing install-time risk.
Credentials
Requested env vars (HA_TOKEN, HA_URL_PUBLIC, optional HA_URL_LOCAL/HA_URL/HA_ENV_FILE) are necessary and proportionate for talking to Home Assistant. The included ha_env.sh explicitly allowlists keys and parses env files without sourcing, limiting scope. The skill does require a long-lived token (which by design can control devices) — this is appropriate for the capability but carries the expected privilege.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges or modify other skills. It does not persist credentials into unrelated configs. Scripts write only to their own reference files (entities/naming-context) and temporary files during operation.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install home-assistant-control
  3. After installation, invoke the skill by name or use /home-assistant-control
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
Security fix: remove source() from env loading; use safe KEY=VALUE parser
v1.0.2
Align strict required env metadata with runtime checks
v1.0.1
Reduce scanner risk: explicit HA_ENV_FILE loading, tighten metadata/docs
v1.0.0
Initial clean release from canonical repo
v0.1.1
- Initial release of Home Assistant Control skill. - Added full documentation with usage notes, requirements, scripts, and safety practices. - Published 56 files including scripts, references, Git metadata, and configuration files. - Introduced `homepage` and `metadata` fields in skill description. - Updated publishing notes to emphasize not committing any private environment files.
Metadata
Slug home-assistant-control
Version 1.0.3
License
All-time Installs 2
Active Installs 2
Total Versions 5
Frequently Asked Questions

What is Home Assistant Control?

Control and inspect Home Assistant via REST API for entities, states, services, scenes, scripts, and automations. Use when the user asks to turn devices on/o... It is an AI Agent Skill for Claude Code / OpenClaw, with 903 downloads so far.

How do I install Home Assistant Control?

Run "/install home-assistant-control" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Home Assistant Control free?

Yes, Home Assistant Control is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Home Assistant Control support?

Home Assistant Control is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Home Assistant Control?

It is built and maintained by Hogar23 (@hogar23); the current version is v1.0.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments