ClawHub

Venus BLE Vibrator

v1.1.0

Control a Venus (Cachito) BLE vibrator from natural language. Calls a local HTTP server that broadcasts BLE commands to the toy via macOS CoreBluetooth. Requ...

0· 256·0 current·0 all-time
by@amandaclarke61
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the skill sends curl POST/GET requests to a local ToyBridge HTTP server that broadcasts BLE commands to a Venus/Cachito toy on macOS. It does not request unrelated services or credentials.
Instruction Scope
SKILL.md only instructs the agent to call local endpoints (host.docker.internal or localhost) on port 8888 using curl and to follow the ToyBridge setup guide. It does not instruct the agent to read arbitrary host files or exfiltrate data. The only file references are to the ToyBridge repo the user is told to install separately.
Install Mechanism
Instruction-only skill with no install spec and no code files—nothing is downloaded or written by the skill itself, which minimizes install risk.
Credentials
No environment variables, secrets, or credentials are requested. The skill relies on a locally run server and macOS Bluetooth permissions, which are proportionate to the stated purpose.
Persistence & Privilege
The skill is not always-enabled and uses normal autonomous invocation defaults. It does not request persistent system-wide privileges or modify other skills' configurations.
Assessment
This appears coherent, but consider these practical safety steps before installing: - Only run the ToyBridge server from a source you trust (review the referenced GitHub repo) because the server code you run locally will control the device. - Ensure the bridge listens only on localhost (do not expose port 8888 to your network) so remote parties cannot control the toy. - Confirm the exact command the skill expects (the SKILL.md uses `uv run 4-bridge/server.py` which may be nonstandard); verify and run the server manually yourself before letting the agent call it. - The agent will execute shell curl commands; if you enable autonomous invocation, be comfortable with the agent making local HTTP calls and issuing shell commands. Consider restricting agent permissions or disabling autonomous runs if you prefer manual confirmation. - Be mindful of privacy and consent: device control is sensitive. Make sure all device owners consent to remote or automated control.

Like a lobster shell, security has layers — review code before you run it.

blevk97f156qtm6bfxgzfy4c2kmzgs82f8qjbluetoothvk97f156qtm6bfxgzfy4c2kmzgs82f8qjcachitovk97f156qtm6bfxgzfy4c2kmzgs82f8qjlatestvk9737e25ye053req9pmw3djm7582g1p9macosvk97f156qtm6bfxgzfy4c2kmzgs82f8qjsmart-devicevk97f156qtm6bfxgzfy4c2kmzgs82f8qjvenusvk97f156qtm6bfxgzfy4c2kmzgs82f8qjvibratorvk97f156qtm6bfxgzfy4c2kmzgs82f8qj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

OSmacOS

Comments