starling-home-hub
Controls Nest and Google Home smart home devices via the Starling Home Hub's local REST API. Supports thermostats, cameras, Nest Protects, Nest × Yale locks, temperature sensors, home/away control, and Nest weather service. Use this skill when managing Nest/Google Home devices through Starling Home Hub — reading device status, setting temperatures, getting camera snapshots, locking/unlocking doors, checking smoke/CO alerts, and toggling home/away mode.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/michaeljmoody/starling-home-hubStarling Home Hub (Nest/Google Home)
Community skill — not affiliated with or endorsed by Starling LLC, Google, Nest, or Apple. Nest is a trademark of Google LLC. Starling Home Hub is a product of Starling LLC. This skill requires a Starling Home Hub with firmware 8.0+ and the Developer Connect API enabled.
Overview
Control Nest smart home devices through the Starling Home Hub Developer Connect (SDC) local REST API using the starling.sh script.
Required Environment Variables
| Variable | Required | Secret | Description |
|---|---|---|---|
STARLING_HUB_IP | Yes | No | Local IP address of your Starling Home Hub (e.g. 192.168.1.151) |
STARLING_API_KEY | Yes | Yes | API key created in the Starling Home Hub app (Developer Connect section) |
Setup
Set these environment variables (never hardcode keys in scripts):
export STARLING_HUB_IP="192.168.1.xxx"
export STARLING_API_KEY="your-api-key" # From Starling Home Hub app
The script is at: scripts/starling.sh
Options: --http (downgrade to HTTP — not recommended), --raw (skip jq formatting)
HTTPS is the default. The script uses port 3443 unless --http is specified.
Security
API Key Management
- Always use the
STARLING_API_KEYenv var — never pass keys via--key(visible inpsoutput) - Never store keys in scripts, SKILL.md, or version-controlled files
- Use a
.envfile with restricted permissions:chmod 600 .env - Consider a secrets manager for production/automated setups
Least Privilege
- Create API keys with minimum required permissions in the Starling Home Hub app
- Use read-only keys unless you need to set properties or access camera streams
- Create separate keys for different automation tasks if possible
TLS Certificate Verification
- HTTPS is the default, but the script uses
curl -k(skip cert verification) because Starling Home Hub uses a self-signed certificate - This is acceptable on a trusted local network but increases MITM risk on untrusted networks
- To pin the hub's certificate instead:
starling.sh --cacert /path/to/hub-cert.pem status - When
--cacertis provided,-kis not used and full certificate verification applies
API Key in URL
- The Starling Developer Connect API requires the key as a URL query parameter (
?key=...) — this is the API's design, not a skill choice - URL query parameters can appear in access logs and browser history — this is mitigated by the API being local-only (no intermediary proxies/CDNs)
- Always use HTTPS to encrypt the key in transit on your local network
Network Security
- The Starling API is local network only by design — no cloud exposure
- Never port-forward 3080 or 3443 to the internet
- Always use HTTPS (default) to prevent local network sniffing of API keys and device data
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-michaeljmoody-starling-home-hub": {
"enabled": true,
"auto_update": true
}
}
}