ha-api

Integrates with Home Assistant's REST and WebSocket APIs for efficient API calls and real-time event management.

Install this skill

or

0/100

Security score

The ha-api skill was audited on Feb 12, 2026 and we found 54 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 45

Template literal with variable interpolation in command context

SourceSKILL.md

45

```bash

medium line 82

Template literal with variable interpolation in command context

SourceSKILL.md

82

```bash

medium line 88

Template literal with variable interpolation in command context

SourceSKILL.md

88

```bash

medium line 525

Template literal with variable interpolation in command context

SourceSKILL.md

525	"Authorization": `Bearer ${HA_TOKEN}`,

medium line 531

Template literal with variable interpolation in command context

SourceSKILL.md

531	const response = await fetch(`${HA_URL}/api/states`, { headers });

medium line 533

Template literal with variable interpolation in command context

SourceSKILL.md

533	throw new Error(`HTTP ${response.status}: ${response.statusText}`);

medium line 540

Template literal with variable interpolation in command context

SourceSKILL.md

540	const response = await fetch(`${HA_URL}/api/states/${entityId}`, { headers });

medium line 542

Template literal with variable interpolation in command context

SourceSKILL.md

542	throw new Error(`Entity ${entityId} not found`);

medium line 545

Template literal with variable interpolation in command context

SourceSKILL.md

545	throw new Error(`HTTP ${response.status}`);

medium line 548

Template literal with variable interpolation in command context

SourceSKILL.md

548	console.log(`${entityId}: ${state.state}`);

medium line 556

Template literal with variable interpolation in command context

SourceSKILL.md

556	`${HA_URL}/api/services/${domain}/${service}`,

medium line 565

Template literal with variable interpolation in command context

SourceSKILL.md

565	throw new Error(`HTTP ${response.status}: ${error}`);

medium line 574

Template literal with variable interpolation in command context

SourceSKILL.md

574	console.log(`Found ${states.length} entities`);

medium line 596

Template literal with variable interpolation in command context

SourceSKILL.md

596	const ws = new WebSocket(`${HA_URL}/api/websocket`);

medium line 621

Template literal with variable interpolation in command context

SourceSKILL.md

621	console.log(`${data.entity_id} changed:`);

medium line 622

Template literal with variable interpolation in command context

SourceSKILL.md

622	console.log(` ${data.old_state.state} → ${data.new_state.state}`);

medium line 643

Template literal with variable interpolation in command context

SourceSKILL.md

643

```bash

medium line 83

Curl to non-GitHub URL

SourceSKILL.md

83	curl -X GET "http://ha:8123/api/states" \

medium line 89

Curl to non-GitHub URL

SourceSKILL.md

89	curl -X GET "http://ha:8123/api/states" \

medium line 645

Curl to non-GitHub URL

SourceSKILL.md

645	curl -X GET "http://localhost:8123/api/states" \

medium line 649

Curl to non-GitHub URL

SourceSKILL.md

649	curl -X GET "http://localhost:8123/api/states/light.living_room" \

medium line 653

Curl to non-GitHub URL

SourceSKILL.md

653	curl -X POST "http://localhost:8123/api/services/light/turn_on" \

medium line 663

Curl to non-GitHub URL

SourceSKILL.md

663	curl -X POST "http://localhost:8123/api/services/light/turn_off" \

medium line 669

Curl to non-GitHub URL

SourceSKILL.md

669	curl -X POST "http://localhost:8123/api/services/climate/set_temperature" \

medium line 678

Curl to non-GitHub URL

SourceSKILL.md

678	curl -X GET "http://localhost:8123/api/services/light" \

medium line 682

Curl to non-GitHub URL

SourceSKILL.md

682	curl -X POST "http://localhost:8123/api/services/automation/trigger" \

medium line 688

Curl to non-GitHub URL

SourceSKILL.md

688	curl -X POST "http://localhost:8123/api/template" \

medium line 862

Curl to non-GitHub URL

SourceSKILL.md

862	curl -X POST "http://ha:8123/api/services/light/turn_on" \

medium line 866

Curl to non-GitHub URL

SourceSKILL.md

866	curl -X POST "http://ha:8123/api/services/light/turn_on/light.living_room"

low line 521

Access to .env file

SourceSKILL.md

521	const HA_URL = process.env.HA_URL \|\| "http://localhost:8123";

low line 522

Access to .env file

SourceSKILL.md

522	const HA_TOKEN = process.env.HA_TOKEN;

low line 592

Access to .env file

SourceSKILL.md

592	const HA_URL = (process.env.HA_URL \|\| "http://localhost:8123").replace(/^http/, "ws");

low line 593

Access to .env file

SourceSKILL.md

593	const HA_TOKEN = process.env.HA_TOKEN;

low line 38

External URL reference

SourceSKILL.md

38	export HA_URL="http://192.168.1.100:8123"

low line 83

External URL reference

SourceSKILL.md

83	curl -X GET "http://ha:8123/api/states" \

low line 89

External URL reference

SourceSKILL.md

89	curl -X GET "http://ha:8123/api/states" \

low line 424

External URL reference

SourceSKILL.md

424	HA_URL = os.getenv("HA_URL", "http://localhost:8123")

low line 478

External URL reference

SourceSKILL.md

478	HA_URL = os.getenv("HA_URL", "http://localhost:8123").replace("http", "ws")

low line 521

External URL reference

SourceSKILL.md

521	const HA_URL = process.env.HA_URL \|\| "http://localhost:8123";

low line 592

External URL reference

SourceSKILL.md

592	const HA_URL = (process.env.HA_URL \|\| "http://localhost:8123").replace(/^http/, "ws");

low line 645

External URL reference

SourceSKILL.md

645	curl -X GET "http://localhost:8123/api/states" \

low line 649

External URL reference

SourceSKILL.md

649	curl -X GET "http://localhost:8123/api/states/light.living_room" \

low line 653

External URL reference

SourceSKILL.md

653	curl -X POST "http://localhost:8123/api/services/light/turn_on" \

low line 663

External URL reference

SourceSKILL.md

663	curl -X POST "http://localhost:8123/api/services/light/turn_off" \

low line 669

External URL reference

SourceSKILL.md

669	curl -X POST "http://localhost:8123/api/services/climate/set_temperature" \

low line 678

External URL reference

SourceSKILL.md

678	curl -X GET "http://localhost:8123/api/services/light" \

low line 682

External URL reference

SourceSKILL.md

682	curl -X POST "http://localhost:8123/api/services/automation/trigger" \

low line 688

External URL reference

SourceSKILL.md

688	curl -X POST "http://localhost:8123/api/template" \

low line 792

External URL reference

SourceSKILL.md

792	- [Home Assistant REST API](https://developers.home-assistant.io/docs/api/rest)

low line 793

External URL reference

SourceSKILL.md

793	- [Home Assistant WebSocket API](https://developers.home-assistant.io/docs/api/websocket)

low line 794

External URL reference

SourceSKILL.md

794	- [Home Assistant Authentication](https://developers.home-assistant.io/docs/auth_api)

low line 795

External URL reference

SourceSKILL.md

795	- [Home Assistant Integration API](https://www.home-assistant.io/integrations/api/)

low line 862

External URL reference

SourceSKILL.md

862	curl -X POST "http://ha:8123/api/services/light/turn_on" \

low line 866

External URL reference

SourceSKILL.md

866	curl -X POST "http://ha:8123/api/services/light/turn_on/light.living_room"

Scanned on Feb 12, 2026

View Security Dashboard

Installation guide →

GitHub Stars 2

Rate this skill

Categorydevelopment

UpdatedMay 21, 2026

majiayu000/claude-skill-registry-data