skills/steipete/clawdis/openhue/Gen Agent Trust Hub

openhue

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions to execute the openhue command-line utility. This allows the agent to list lights and rooms, and to modify their state (on/off, brightness, color) via a Hue Bridge.
  • [EXTERNAL_DOWNLOADS]: The skill defines an automated setup process using the Homebrew package manager to download and install the openhue-cli from its official GitHub tap (openhue/cli/openhue-cli).
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection if an attacker can control names on the user's Hue Bridge.
      • Ingestion points: Data enters through the output of discovery commands like openhue get light and openhue get room as documented in SKILL.md.
      • Boundary markers: The skill does not implement delimiters or instructions for the agent to ignore embedded instructions in the command output.
      • Capability inventory: The skill includes write capabilities to change device states using the openhue set command as documented in SKILL.md.
      • Sanitization: No sanitization or escaping of device names is performed before they are processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 18, 2026, 02:17 AM