← 返回 Skills 市场

agentpass

Name: agentpass
Author: torbenwetter

作者 TorbenWetter · GitHub ↗ · v1.0.0 · MIT-0

linuxdarwin ✓ 安全检测通过

105

总下载

当前安装

版本数

在 OpenClaw 中安装

/install agentpass

功能描述

Control Home Assistant devices through the agentpass security gateway. Use when the user asks to control lights, switches, sensors, climate, or any smart hom...

使用说明 (SKILL.md)

agentpass — Home Assistant Gateway

Execute Home Assistant actions through a secure approval gateway. Read-only queries execute instantly. State-changing actions (turning lights on/off, calling services) are sent to a human guardian on Telegram for approval before execution.

IMPORTANT: The agentpass request command is a BLOCKING command. For tools that need approval, it will wait up to 15 minutes for the guardian to respond on Telegram. You MUST use background: false when executing agentpass request commands to prevent auto-backgrounding. The command returns the actual execution result once approved, or an error if denied/timed out. Do NOT tell the user to "check Telegram" or "approve the request" — just wait silently for the command to finish and then report the result.

Commands

List available tools

agentpass tools

Execute a tool

agentpass request \x3Ctool_name> [key=value ...]

Output is JSON on stdout. Errors go to stderr. Exit codes: 0 = success, 1 = denied, 2 = timeout, 3 = connection error, 4 = invalid args.

Available Tools

Read-only (auto-approved, instant)

Get a single entity state:

agentpass request ha_get_state entity_id=light.living_room

Get all entity states:

agentpass request ha_get_states

List available HA services and their fields:

agentpass request ha_get_services

Get state history for an entity (last 24h):

agentpass request ha_get_history entity_id=sensor.temperature

Get logbook entries for an entity (last 24h):

agentpass request ha_get_logbook entity_id=light.living_room

Get Home Assistant configuration:

agentpass request ha_get_config

Requires human approval (command blocks until resolved)

These commands block until approved or denied. Always use background: false to prevent auto-backgrounding.

Call a Home Assistant service:

# exec with background: false
agentpass request ha_call_service domain=light service=turn_on entity_id=light.living_room
agentpass request ha_call_service domain=light service=turn_on entity_id=light.bedroom brightness=128 color_name=red
agentpass request ha_call_service domain=switch service=toggle entity_id=switch.fan
agentpass request ha_call_service domain=climate service=set_temperature entity_id=climate.thermostat temperature=21

The domain and service args are used for the URL path. All other args (entity_id, brightness, color_name, temperature, etc.) are sent as the JSON request body.

Render a Home Assistant template:

# exec with background: false
agentpass request ha_render_template template="{{ states('sensor.temperature') }} degrees"

Always denied (blocked by policy)

ha_fire_event — firing custom events is blocked
ha_call_service with domain=lock — lock control is blocked

Important Notes

entity_id format: Always domain.object_id, e.g. light.living_room, sensor.temperature, switch.garden_pump. Must be lowercase with underscores.
domain/service format: Lowercase with underscores, e.g. light, turn_on, set_temperature.
Approval timeout: If the human guardian doesn't respond within 15 minutes, the request is automatically denied.
Discover entities first: If you don't know an entity's ID, run ha_get_states to list all entities, or ha_get_services to see available services and their parameters.
Service parameters: Use ha_get_services to discover which parameters a service accepts (e.g. brightness, color_name, rgb_color, temperature, hvac_mode).

安全使用建议

This skill appears coherent, but before installing: 1) Verify the agentpass CLI binary/package comes from the official project (inspect the GitHub releases or source) rather than an untrusted registry; 2) Limit the AGENT_TOKEN permissions to only what's needed and rotate/revoke if unsure; 3) Confirm the AGENTPASS_URL points to your intended gateway and that the human-guardian Telegram account is trusted; 4) Be aware requests may block the agent for up to 15 minutes while awaiting human approval; 5) If you need stronger assurance, run the agentpass binary in an isolated environment and review network traffic to confirm it only communicates with the declared gateway.

功能分析

Type: OpenClaw Skill Name: agentpass Version: 1.0.0 The agentpass skill provides a CLI-based interface for controlling Home Assistant via a security gateway. It features a human-in-the-loop approval system via Telegram for state-changing actions and explicitly blocks high-risk operations like lock control. The instructions in SKILL.md are consistent with the stated purpose of managing smart home devices securely, and no indicators of data exfiltration, malicious execution, or harmful prompt injection were found.

能力评估

✓ Purpose & Capability

Name/description, required binaries (agentpass), and required env vars (AGENTPASS_URL, AGENT_TOKEN) align with a gateway-based Home Assistant control client. The requested artifacts are what you'd expect for a CLI that forwards requests to a remote gateway.

✓ Instruction Scope

SKILL.md only instructs using the agentpass CLI to list tools, query states, or submit requests that may block for human Telegram approval. It does not ask the agent to read unrelated files, environment variables, or system state. Note: the skill requires the agent to block and wait up to 15 minutes for approvals instead of prompting the user to manually check Telegram.

ℹ Install Mechanism

Install metadata uses a 'uv' package entry to create the agentpass binary. This is not a direct URL download (lower risk), but 'uv' is an uncommon installer in this metadata — verify that the package source is the official project (e.g., the GitHub repo listed) before installing.

✓ Credentials

Only AGENTPASS_URL and AGENT_TOKEN are required, which is proportionate for a remote gateway client. No unrelated secrets, system config paths, or extra credentials are requested.

✓ Persistence & Privilege

always is false and the skill is user-invocable with normal autonomous invocation allowed. The skill does not request persistent platform-wide privileges or access to other skills' configs in the provided instructions.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install agentpass
安装完成后，直接呼叫该 Skill 的名称或使用 /agentpass 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of agentpass — a secure gateway for Home Assistant control. - Enables read-only Home Assistant queries instantly. - Executes state-changing actions (e.g., turning devices on/off) only after human approval via Telegram. - Blocks sensitive actions for up to 15 minutes, awaiting approval or denial. - Provides commands to get entity states, list services, check history, and call services with strong access control. - Certain risky actions (custom event firing, lock control) are always denied.

元数据

Slug agentpass

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

agentpass 是什么？

Control Home Assistant devices through the agentpass security gateway. Use when the user asks to control lights, switches, sensors, climate, or any smart hom... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 105 次。

如何安装 agentpass？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install agentpass」即可一键安装，无需额外配置。

agentpass 是免费的吗？

是的，agentpass 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

agentpass 支持哪些平台？

agentpass 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（linux, darwin）。

谁开发了 agentpass？

由 TorbenWetter（@torbenwetter）开发并维护，当前版本 v1.0.0。