ha-api-access
Warn
Audited by Socket on Mar 4, 2026
1 alert found:
Security (MEDIUM): SKILL.md
The skill provides straightforward, expected examples for interacting with a Home Assistant REST API using HA_URL and HA_TOKEN environment variables. There are no signs of malicious behavior, third-party exfiltration, obfuscated code, or download-and-execute patterns. The primary security issues are operational: storing long-lived tokens in ~/.zshrc increases exposure risk, and the documentation should advise HTTPS, token rotation, limiting token scope, and safer secret storage. Overall risk is low when used as intended, but user guidance should be improved to reduce token leakage.
Confidence: 75%
Severity: 75%