homebridge
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONNO_CODECREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation provides several
curlcommands meant to be executed to interact with the Homebridge REST API. * Evidence: Examples show the use ofcurlfor authentication, listing accessories, and updating device characteristics. - [NO_CODE]: The skill refers to an external Python script,
scripts/homebridge_api.py, which is not included in the provided file list. * Evidence: The 'Using the Scripts' section lists multiple command-line examples that depend on this missing script. - [CREDENTIALS_UNSAFE]: The skill instructions require the user to store cleartext credentials (username and password) in a local configuration file. * Evidence: Documentation guides the user to create
~/.thinkfleet/credentials/homebridge.jsoncontaining sensitive authentication data.
Audit Metadata