homeassistant-ops
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Authentication is managed via environment variables (HA_URL and HA_TOKEN), preventing the exposure of long-lived access tokens in the source code.- [SAFE]: The skill uses no external Node.js dependencies, relying exclusively on Node.js built-ins to maintain a minimal and secure attack surface.- [SAFE]: All network activity is directed toward the user's provided Home Assistant instance for legitimate REST and WebSocket API communication.- [SAFE]: The tool implements safe-by-default workflows, including dry-run operations for cleanup tasks and the ability to snapshot and rollback registry changes.- [SAFE]: File system interactions are limited to reading specific Home Assistant backup registry files (while explicitly skipping sensitive files like 'secrets.yaml') and writing operational logs.
Audit Metadata