Reachy Mini
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked incorrectly, the agent could move the robot, disrupt running apps, install or remove robot apps, restart services, or call arbitrary robot API endpoints.
The CLI exposes broad mutating robot operations and an unrestricted raw API escape hatch, which can affect apps, daemon behavior, and physical robot actions without documented confirmation or scoping.
app-install JSON Install an app (pass JSON body) ... reboot-daemon Restart the robot daemon ... raw METHOD PATH [BODY] Raw API call (GET/POST, path, optional JSON body)
Use explicit user confirmation for movement, camera, app install/remove, daemon, update, and raw API operations; restrict or remove the raw command unless truly needed.
A wrong or spoofed host on the network could receive the SSH password, and anyone relying on the default password may be exposing broad robot access.
The script defaults to an SSH password and disables SSH host-key verification, giving privileged robot access a weak trust boundary.
REACHY_SSH_PASS="${REACHY_SSH_PASS:-root}" ... sshpass -p "$REACHY_SSH_PASS" ssh -F /dev/null -o StrictHostKeyChecking=noChange the robot’s default password, prefer SSH keys, declare the SSH credential requirement clearly, and avoid disabling host-key checking.
Snapshots may include people, rooms, screens, or other private surroundings near the robot.
Camera capture and transfer are disclosed and purpose-aligned, but they still move potentially private visual data from the robot to a local file.
Capture JPEG photos from the robot's camera ... via WebRTC ... reachy.sh snap ... Save to /tmp/reachy_snap.jpg ... Requires SSH access
Only capture images when authorized, tell nearby people when the camera is used, and store snapshot files in an appropriate protected location.
A reaction could keep running briefly after the user thinks the action is complete.
The background mode is disclosed and opt-in, but it allows robot reactions to continue after the invoking shell command returns.
Reactions run in foreground by default. Pass --bg to background them. ... run_reaction "$@" & disown
Use foreground mode by default and reserve --bg for deliberate, monitored reactions.
Users have less provenance information to verify who maintains the robot-control scripts and whether they match an upstream project.
The registry does not provide an upstream source or homepage for scripts that control a physical robot over REST and SSH.
Source: unknown Homepage: none
Verify the publisher and script contents before installation, especially before enabling SSH or physical robot actions.