ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ClawTV

v1.0.2

AI-powered Apple TV remote that uses vision to autonomously navigate apps, play content, control playback, and manage settings.

0· 707·0 current·0 all-time
by@akivasolutions
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to perform vision-based Apple TV navigation and indeed requires Python and an Anthropic API key for the 'do' (vision) mode. Optional Plex integration is implemented and the README/requirements include plexapi. Requested artifacts (python3, ANTHROPIC_API_KEY) align with the described functionality.
Instruction Scope
SKILL.md and README explicitly instruct the agent to capture screenshots, save them to ~/.clawtv/screenshots/, and transmit screenshots + conversation history to Anthropic for the AI 'do' loop. Manual commands bypass the API. This behavior is within the stated scope but has clear privacy implications (screenshots may contain sensitive UI content) and should be understood before enabling AI mode.
Install Mechanism
No install spec is provided (instruction-only), which minimizes automatic disk writes by the registry installer. The package includes a Python single-file implementation and a requirements.txt referencing expected libraries (pyatv, anthropic, plexapi). No downloads from untrusted URLs or extract operations are present in registry metadata.
Credentials
Only ANTHROPIC_API_KEY is required by the skill (primary credential) which is appropriate for a vision/LLM integration. Optional Plex credentials are stored in ~/.clawtv/config.json for direct Plex control — these are not required by the skill but when used are stored unencrypted. The number and type of credentials requested are proportionate, but users should be aware of plaintext storage of pairing and Plex tokens.
Persistence & Privilege
The skill does not request always:true or elevated platform privileges. It persists data to user-home paths (~/.clawtv/) only and stores its own config and screenshots there, which is normal for a CLI tool. Persistent presence and autonomous invocation defaults are not abused.
Assessment
This skill is coherent for its purpose but handles sensitive data: screenshots of your TV are saved locally and (when using the AI 'do' mode) transmitted to Anthropic — only enable that mode if you trust sending those images externally. Plex tokens and Apple TV pairing credentials are stored unencrypted in ~/.clawtv/config.json; do not place secrets there if you cannot accept plaintext storage. Use a budget-limited Anthropic key, monitor API usage (the 'do' loop can make many calls), restrict file permissions on ~/.clawtv/, and prefer manual commands (cmd/type/launch/plex) when you want zero external data transmission. If you need higher assurance, inspect the included clawtv.py before running and consider running it in a restricted account or VM.

Like a lobster shell, security has layers — review code before you run it.

latestvk979rhce3v3m9mkh1f1xajq5z9815wen

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📺 Clawdis
Binspython3
EnvANTHROPIC_API_KEY
Primary envANTHROPIC_API_KEY

Comments