v1.0.0

Niri IPC

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:14 AM.

Analysis

This is a coherent Niri control skill, but it gives an agent broad desktop IPC control, including raw destructive actions and shell-backed command spawning.

Guidance: Install only if you want an OpenClaw agent to control your active Niri desktop. Prefer read-only queries and high-level helpers, and require explicit approval before raw IPC, close/reload/output changes, spawn, or spawn-sh commands.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High; Confidence: High; Status: Concern
scripts/niri_socket.py
This script can trigger destructive actions (quit compositor, power off monitors, etc.) if you send those requests. Use with care.

The direct socket helper intentionally exposes raw Niri IPC; the artifact itself states that some requests can cause destructive compositor actions, and no allowlist or confirmation gate is shown.

User impact: If invoked incorrectly or under bad instructions, the agent could disrupt the active desktop session, including quitting the compositor or changing monitor state.
Recommendation: Require explicit user approval for raw socket requests and destructive Niri actions, and prefer narrower high-level helpers for routine window/workspace tasks.

Unexpected Code Execution
Severity: High; Confidence: High; Status: Concern
SKILL.md
./skills/niri-ipc/scripts/niri.py action spawn-sh -- 'notify-send hello'

The documented workflow allows shell-backed command spawning through Niri. The example is harmless, but the same pathway can run arbitrary shell text if invoked differently.

User impact: The agent could execute local commands in the user's graphical session, which may affect files, applications, or the desktop environment.
Recommendation: Avoid or remove spawn-sh for routine use, or require a clear user confirmation and a command allowlist before any spawning action.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
metadata
Required binaries (all must exist): none ... Required env vars: none

The registry metadata does not declare prerequisites even though the skill documentation and scripts require Niri and NIRI_SOCKET. This is a transparency gap rather than evidence of hidden behavior.

User impact: Install-time checks may not warn the user that the skill only works in a Niri Linux session with the IPC socket available.
Recommendation: Declare the required niri binary, Linux/Niri session expectation, and NIRI_SOCKET dependency in metadata.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Note
scripts/niri_socket.py
p = os.environ.get("NIRI_SOCKET") ... s.connect(socket_path())

The helper connects to the local Niri IPC socket from the current session, so actions run with the user's existing compositor/session authority.

User impact: The skill does not request external credentials, but it can act as the current user within the active Niri desktop session.
Recommendation: Use it only in the intended Niri session and treat compositor-mutating commands as privileged local actions.