home-assistant

The manifest grants legitimate-looking WebFetch allowances but dangerously broad shell command permissions (Bash(source:*), Bash(find:*), Bash(grep:*), Bash(npx skills:*)). These allow remote code execution and wide local data access, enabling supply-chain and exfiltration attacks if fetched content or npm packages are malicious or compromised. Recommendations: apply least privilege — restrict Bash execution to specific, vetted scripts or disallow Bash(source:*); disable or narrowly scope npx usage; add explicit deny/whitelist for filesystem paths, arguments, and network endpoints; require integrity verification (hash/signature) of fetched scripts and packages; add runtime auditing and user approval gates for shell execution. Treat this manifest as a high-risk configuration until tightened.