ROS2 Execution
v1.0.1
Execute ROS 2 commands (run, launch, call) in a sandboxed, allowlisted environment. Supports parameter profiles.
by Brian Robinson @bigrobinson
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description match the provided scripts and SKILL.md: the wrapper enforces an allowlist and workspace checks before invoking ros2. However the registry metadata claims no required binaries/config paths while the SKILL.md and scripts clearly require a sourced ROS 2 environment (ros2 on PATH, AMENT_PREFIX_PATH) and write/read config files under the skill directory and ~/.openclaw/workspace. This is a minor metadata inconsistency, not a functional mismatch.
Instruction Scope
Instructions and the safe_ros2_execution.py wrapper stay within the declared purpose: they read config/config.json and config/packages.json, verify package prefixes, optionally read YAML profiles from ~/.openclaw/workspace/ros_profiles, and execute ros2 commands without shell=True. A noteworthy operational risk: the wrapper sources the ROS setup.bash via a bash -c 'source ... && env' call to build the environment — sourcing a setup.bash will execute whatever is in that file (typical for ROS but a potential vector if a workspace's setup.bash is malicious). This behavior is expected for a tool that must load ROS environments.
Install Mechanism
No remote installs, downloads or package installs are specified; the skill is delivered as local scripts and a SKILL.md. No high-risk installer URLs or archive extraction are present.
Credentials
The skill requests no secrets or external credentials and only needs access to ROS environment variables, skill-local config/, and optional user profile YAMLs in ~/.openclaw/workspace. That is proportionate to its purpose. Again, the registry metadata not listing required config paths/binaries is inconsistent with the scripts' runtime requirements.
Persistence & Privilege
The skill does not request 'always: true' or modify other skills; it writes a config.json under its own directory via setup.sh and reads its own config and packages.json. Model/autonomous invocation is enabled by default (disable-model-invocation: false) which is normal for user-invocable skills.
Assessment
This skill appears to do what it says: it enforces an allowlist and runs ros2 commands via a safe wrapper. Before installing, review and do the following: (1) inspect and maintain config/packages.json to ensure only trusted packages are allowlisted; (2) be aware that the wrapper sources your ROS setup.bash to capture environment variables — if a workspace's setup.bash contains unexpected code it will run when sourced, so only use workspaces you trust; (3) profiles live under ~/.openclaw/workspace/ros_profiles — keep sensitive data out of those files; (4) the registry metadata omits required binaries/config paths (ros2, AMENT_PREFIX_PATH, config/), so expect to manually ensure your ROS environment is correctly sourced and that ros2 is available; (5) if you want to limit autonomous runs, consider disabling model invocation for this skill. If you need higher assurance, manually run the provided scripts in a controlled environment and audit any setup.bash files in your workspaces before enabling the skill.
Like a lobster shell, security has layers — review code before you run it.
