ROS 2 Skill

This skill appears to be a full-featured ROS 2 agent wrapper and largely matches its description, but review these points before installing: - Trust and autonomy: AGENTS.md explicitly instructs the agent to act autonomously and to treat the skill's rules as overriding other prompts. If your agent platform enforces safety or user-confirmation policies, this skill's instructions directly conflict. Only enable autonomous invocation for this skill if you fully trust it and your deployment policies. - External token access: The README documents reading ~/.nanobot/config.json for a Discord bot token and includes discord_tools.py which can post images to Discord. That file and token are not declared in the skill metadata. If you use a shared bot token or other secrets in that location, consider moving them or restricting this skill's filesystem/network access. - Files and system commands: The skill will run local Python scripts that can manage tmux sessions, run subprocesses, and write to .artifacts/.presets. Run the code in a sandboxed environment (or inspect scripts) before giving it access to a robot or networked machine. - Review rules and safety docs: Inspect references/RULES.md and AGENTS.md fully to ensure their operational rules align with your safety policies (e.g., mandatory 'try first' behavior, banned phrasing, automated recovery actions). These documents change agent behaviour in ways that may bypass your usual controls. - Mitigations: run tests in an isolated VM or container with no external network (or restricted network), remove or sanitize any sensitive config files (e.g., Discord tokens), and restrict the skill's permission to start tmux or modify system services until you have audited the code. If you are unsure, treat this skill as untrusted and perform a manual code review of discord_tools.py and any subprocess/requests usage before deployment.