We checked this and rejected itsecurity

Home Assistant MCP (tevonsb): why it is not safe to use

Home Assistant MCP is clean and local-only, but it can unlock doors, disable alarms, and install code on your HA host, so we flagged it warn.

What we found

Home Assistant MCP (tevonsb) connects only to your local Home Assistant instance over HTTP and WebSocket. Our scan found no third-party endpoints, no telemetry, no hardcoded secrets, and no obfuscated or minified code. It is open-source TypeScript under an MIT license, and the access token is read from the `HASS_TOKEN` environment variable rather than embedded.

Three items held it at a warn (78/100). The skill can unlock doors, disable alarms, view cameras, and add or remove HACS packages and Supervisor add-ons, so a bad instruction could have physical and system impact. It requires a Home Assistant long-lived token, which is only as scoped as the user it belongs to and often carries full account access. Installing add-ons through Supervisor can let the model run new code on the HA host.

What to do instead

Create a dedicated Home Assistant user with the narrowest permissions your use case needs, and issue the token from that account. If you do not need package or add-on management, restrict or avoid those capabilities. Review which automations and devices the token can reach before connecting.

Want the same outcome, safely? Use our checked skill instead.

Source: https://github.com/tevonsb/homeassistant-mcp

We report what our security review found at the time we checked, with the goal of keeping people safe. Projects change; if a maintainer has since fixed this, we are glad to recheck it. Email hello@agentpod.com.

Copied to clipboard. Go back to ChatGPT or Claude and paste it to teach the skill.