LoRa CAD air scanner
v1.0.5LoRa Channel Activity Detection (CAD) scanner for LilyGo T3 v1.6 (ESP32-PICO-D4 + SX1276) with HackRF One support. Scans a configurable frequency range using...
⭐ 0· 92·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the included files and runtime instructions: Arduino sketch for SX1276 CAD scanning, Pi monitor + decoder scripts, and optional HackRF support. Required tools (arduino-cli, pyserial, numpy, hackrf tools) are appropriate for the described functionality.
Instruction Scope
Runtime instructions stay within the declared purpose (flash sketch, read serial, parse CAD/packets, write local alerts). Two points to watch: (1) many paths and cron behavior are hardcoded to /home/admin/.openclaw/workspace and the OpenClaw cron pipeline — the operator must configure OpenClaw/cron to actually deliver Telegram alerts; (2) the monitor decodes LoRa payloads (including DevEUI/DevAddr and TTN Mapper coords) and writes logs/alerts locally. These actions are expected for a scanner but are sensitive from a privacy/regulatory perspective.
Install Mechanism
No automated install/spec; this is an instruction-only skill with source files. It asks users to use arduino-cli and pip to install common libraries (LoRa, U8g2, pyserial, numpy) — a proportional and standard approach. No arbitrary downloads or extract-from-URL steps are present.
Credentials
The skill requests no credentials or environment variables, which is appropriate. However it persistently stores decoded identifiers and may include geolocation (TTN Mapper) in alerts and lora_hits.json inside the workspace. Although the skill does not itself send data externally, the OpenClaw cron (user-configured) will forward lora_alert.txt to Telegram — treat these artifacts as sensitive.
Persistence & Privilege
always:false and no special platform privileges are requested. The monitor expects access to /dev/ttyACM0 and optionally to HackRF devices (udev permissions). The skill does not modify other skills or system configs; it writes only into the (hardcoded) OpenClaw workspace.
Assessment
This skill appears to do what it says (LoRa CAD scanning + optional HackRF pre-sweep + Telegram alerts via OpenClaw). Before installing: 1) Be aware of legal/regulatory constraints on RF monitoring in your region. 2) The monitor decodes and stores device identifiers (DevEUI, DevAddr) and may expose location-like fields (TTN Mapper); treat lora_hits.json, lora_scan.log and lora_alert.txt as sensitive. 3) The scripts hardcode /home/admin/.openclaw/workspace — either run/copy the scripts into that workspace or edit paths to match your environment. 4) OpenClaw cron is responsible for sending alerts to Telegram; verify the cron job and Telegram token are configured securely (the skill does not store tokens itself). 5) Review the included decoder if you do not want packet contents or identifiers to be parsed/stored; you can disable decoding or redact fields before writing alerts. If you want extra assurance, run the monitor in an isolated environment first and inspect the files it creates.Like a lobster shell, security has layers — review code before you run it.
latestvk97d0pszekd4s1zpqfbfx83rhh83j99r
License
MIT-0
Free to use, modify, and redistribute. No attribution required.