There are issues here that could lead to more security problems. The OAUTH token for the entirety of RM exists in that URL. This means that with some knowledge of HE someone could take that link and do almost anything that you do with RM.
I would give them the opener then have the whole motor powered off when not in use. Use a zigbee button as an opener in the car that powers on the opener and then sends the open signal.
Or buy a security control panel and make a code for the contractor that only works between certain hours
I would advise against this as well.. the OAUTH key is the same for all cloud dashboards. Wouldn’t be hard to find all of the other dashbaords you have with that one link. Also, for the more experinced, the cloud endpoint for dashboards is exposed and can control any device, in a dashboard or not....
Truthfully these weaknesses are why I keep my hub off the net. I have heard rumor that they are working on a new version of dashboards that addresses some of these Issues.
Simply having the dashboard app installed enables the cloud endpoint that can control all devices. Whether any dashboards are cloud enabled or not.