switchbot
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill makes network requests exclusively to api.switch-bot.com, which is the official endpoint for the SwitchBot Cloud API service. These requests are used for device discovery and control as described in the skill's purpose.
- [CREDENTIALS_UNSAFE]: The skill instructs the user to store API credentials in a local configuration file (~/.config/switchbot/credentials.json) and correctly recommends restrictive file permissions (chmod 600) to protect the data. This follows standard security best practices for local secret management.
- [COMMAND_EXECUTION]: The Python script uses sys.argv to parse command-line arguments for device IDs and commands. These inputs are passed directly to urllib.request for API calls or used in conditional logic, with no shell execution (os.system or subprocess.run) of untrusted input detected.
Audit Metadata