Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Reachy Mini

v1.1.0

Control a Reachy Mini robot (by Pollen Robotics / Hugging Face) via its REST API and SSH. Use for any request involving the Reachy Mini robot — moving the head, body, or antennas; playing emotions or dances; capturing camera snapshots; adjusting volume; managing apps; checking robot status; or any physical robot interaction. The robot has a 6-DoF head, 360° body rotation, two animated antennas, a wide-angle camera (with non-disruptive WebRTC snapshot), 4-mic array, and speaker.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
!
Purpose & Capability
The skill's purpose (control a Reachy Mini) matches the included scripts (curl to robot REST API, SSH/scp for snapshots, GStreamer capture). However the skill metadata declares no required environment variables or credentials while the scripts clearly rely on REACHY_HOST, REACHY_SSH_USER, and REACHY_SSH_PASS (with defaults). Not declaring these required secrets/binaries is an incoherence: a robot-control skill should explicitly declare the robot host and credential requirements.
!
Instruction Scope
SKILL.md and the scripts instruct the agent to call the robot's REST API and to SSH/SCP into the device to capture camera frames. The scripts use sshpass, disable host-key checking (-o StrictHostKeyChecking=no), and perform scp/ssh commands — actions that access remote device credentials and copy files. These instructions stay within the claimed domain (robot control) but include insecure SSH options and implicit credential use that should be explicit and justified.
Install Mechanism
No install spec (instruction-only + shipped scripts). That reduces installer risk because nothing is downloaded at install time. The runtime does depend on external binaries (curl, ssh, scp, sshpass, jq, gstreamer/Python GObject/Gst) but no packages are installed by the skill itself.
!
Credentials
The skill metadata lists no required environment variables or primary credential, but SKILL.md and the scripts require REACHY_HOST, REACHY_PORT, REACHY_SSH_USER, and REACHY_SSH_PASS (defaults provided, including a default password 'root'). The scripts will use sshpass if available and will accept a password from REACHY_SSH_PASS. This is disproportionate and under-declared: any skill that performs SSH to a device should declare and justify the credentials it needs and recommend safer alternatives (SSH key, restricted user).
Persistence & Privilege
always:false (good). The skill can be invoked autonomously (platform default). Combined with the ability to use provided SSH credentials and call arbitrary API endpoints (the CLI supports raw API calls), autonomous invocation would increase blast radius — but autonomous invocation alone is not a disqualifier.
What to consider before installing
This skill appears to genuinely control a Reachy Mini, but pay attention to the following before installing:

- Missing declarations: The skill metadata does NOT declare required environment variables or a primary credential, yet the scripts expect REACHY_HOST, REACHY_SSH_USER and REACHY_SSH_PASS. Treat that as a red flag — confirm where you'll store the robot host and credentials.
- Credentials & defaults: The documentation uses a default SSH password ('root') and the scripts will use sshpass if provided. Prefer creating a dedicated, unprivileged account on the robot and using an SSH key; avoid placing a plaintext password in environment variables if possible.
- Insecure SSH options: The scripts use StrictHostKeyChecking=no which disables host-key verification. That eases automation but makes man-in-the-middle attacks easier. If you proceed, replace sshpass/disabled host-key-checking with SSH keys and known_hosts pinning.
- Binaries required at runtime: The scripts rely on curl, jq, ssh, scp, sshpass (optional) and on GStreamer/Python GObject for on-robot snapshots. Ensure these are present and that running them with provided credentials is acceptable in your environment.
- Network & trust: The skill will attempt to contact whatever REACHY_HOST you configure (default is a local IP). Only install/use this skill on networks and devices you control and trust. Review the scripts (they are included) to verify they don't call any unexpected external endpoints — they only contact the robot in the provided files.

If you plan to use this skill: (1) remove or change default credentials on the robot, (2) prefer an SSH key and drop sshpass usage, (3) pin the robot's SSH host key, (4) set the required env vars explicitly and securely, and (5) audit the CLI's 'raw' and 'app-install' commands before giving the agent autonomous invocation rights.

Like a lobster shell, security has layers — review code before you run it.
