Community code plugin. Review compatibility and verification before install.
Latest release: v0.1.8
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The package purpose is coherent: it registers tools for Lutron Caseta lighting, scenes, shades, fans, Smart Away, occupancy, battery checks, and bridge export through the lutron CLI.
Instruction Scope
The skill explicitly documents broad state-changing workflows such as lutron_all_off for the whole house, scene activation, cover control, and Pico/keypad tap simulation, but does not instruct the agent to require confirmation for disruptive actions.
Install Mechanism
Installation is disclosed as an OpenClaw npm-pack plugin requiring the external lutron binary, with configuration for cliPath and bridgeHost; no install hooks or hidden setup scripts were found.
Credentials
Shelling out to lutron via execFile with argv arrays is proportionate for this integration, and static scan plus VirusTotal telemetry were clean, but the plugin depends on a paired local bridge that can affect the physical home.
Persistence & Privilege
The plugin itself does not add persistence, but it relies on lutron-cli pairing credentials/config and exposes lutron_export, which can reveal rooms, devices, scenes, occupancy groups, and buttons without a privacy warning.
Scan Findings in Context
[SQP-2] expected: The physical control tools are expected for a Lutron controller, but the lack of built-in confirmation or policy gating for whole-home and disruptive actions is a real user-control concern.
[SQP-2] expected: The documented whole-house lutron_all_off workflow matches the plugin purpose, but the wording and examples show it can be invoked broadly without an explicit confirmation step.
[SQP-2] expected: The export capability is useful for backup or diffing, but it can expose sensitive home layout and automation metadata and is under-disclosed from a privacy perspective.
What to consider before installing
Install only if you are comfortable giving an agent direct control over your Lutron bridge. Require explicit confirmation before whole-home actions like all-off, scene activation, shade movement, Smart Away changes, or Pico button taps, and treat exported bridge snapshots as sensitive home-layout data.