ClawHub

ROS2 Introspection

v1.0.1

Execute core ROS 2 introspection commands to query the ROS graph (topics, nodes, services, actions, parameters). STRICTLY read-only.

0· 32·0 current·0 all-time
byBrian Robinson@bigrobinson
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (read-only ROS 2 introspection) matches the provided scripts and README: the wrapper runs 'ros2' introspection subcommands and setup.sh records the path to the ROS setup.bash. There are no unrelated credentials, cloud APIs, or extraneous binaries requested.
Instruction Scope
SKILL.md confines operations to read-only introspection and instructs using the safe wrapper. The wrapper enforce an allowlist for most commands. Minor caveats: (1) 'rqt_graph' is handled as a special case and is executed without going through the same allowlist/environment setup; (2) 'ros2 topic echo' and similar read operations can stream topic data (which may be sensitive) and may block or produce large outputs. These behaviors are consistent with legitimate introspection but worth awareness.
Install Mechanism
No install spec; only local scripts are included. The setup script writes a local config.json in the skill directory. No external downloads or extracted archives are performed.
Credentials
The skill requests no external credentials or environment variables. It does source the user's ROS setup.bash (necessary to run ros2 commands) and constructs an environment from that file — this is proportional to the stated purpose. The only stored config is the local ros_setup_path.
Persistence & Privilege
always is false and the skill does not request permanent system-wide privileges. The only persistent change is a config/config.json file inside the skill directory (written by setup.sh), which is reasonable for local configuration.
Assessment
This skill appears to do exactly what it claims: run read-only ROS 2 introspection commands. Before installing or invoking it, 1) run the provided scripts locally and inspect them (they are short and readable); 2) run setup.sh yourself to confirm the ros_setup_path it writes; 3) be cautious when running commands like 'topic echo' or 'param dump' since they can display or stream topic/parameter values that may contain sensitive robot data; 4) note that 'rqt_graph' is executed as a special case (it will launch a GUI) and is not passed through the same validation flow — if you don't want GUIs launched, avoid that subcommand; and 5) run the skill in an environment you control (or a container) if you have sensitive topics or networks. Overall the package is internally consistent and low-risk provided you follow these precautions.

Like a lobster shell, security has layers — review code before you run it.

latestvk9703eccftgxrsme2zh78weahs84dtbw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments