switchbot
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script makes legitimate API calls to 'https://api.switch-bot.com/v1.1' to control smart home devices as described in the documentation.
- [CREDENTIALS_UNSAFE]: The skill provides clear instructions for the user to generate their own API credentials. It explicitly guides the user to store these in a local configuration file with restricted file permissions (chmod 600) and includes logic to check for these credentials locally rather than hardcoding them.
- [COMMAND_EXECUTION]: The script uses standard Python libraries (urllib, hmac, hashlib) to interact with the API. It processes command-line arguments to perform specific home automation tasks like opening curtains or toggling plugs.
- [DATA_EXFILTRATION]: No unauthorized data transmission was detected. Communication is limited to the official SwitchBot API endpoint for the purpose of device management.
Audit Metadata