ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

RealWorldClaw

v0.1.0

Give your AI agent physical world capabilities via RealWorldClaw — control ESP32 modules, read sensors (temperature, humidity, motion), actuate relays/servos...

0· 432·0 current·0 all-time
by@brianzhibo-design
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (control ESP32 sensors/actuators, automation) align with the provided CLI code (scripts/rwc.py) and protocol spec. The commands, device config, and rule management are coherent with the claimed purpose.
Instruction Scope
Runtime instructions and the CLI only reference config.json and rules.json inside the skill directory and network calls to local device IPs or the optional cloud API. Nothing in SKILL.md or the code asks to read unrelated system files or secrets, but the skill will perform network communication (local MQTT/HTTP and an external cloud API by default).
Install Mechanism
There is no packaged install spec (instruction-only), which minimizes install-time risk. The SKILL.md recommends installing two Python packages (httpx, paho-mqtt) via pip — a common, low-friction approach. No archives or arbitrary remote code downloads are performed during installation.
Credentials
The skill requests no environment variables or external credentials in the registry metadata, which is proportional. However, it does use a default external API (https://realworldclaw-api.fly.dev) if config.json is not changed; that endpoint could receive device or telemetry data if you call the platform API commands. Also, the code will use any access_code placed in config.json for MQTT auth.
Persistence & Privilege
The skill does not request always:true or elevated agent-wide privileges. It persists only its own config.json and rules.json in the skill directory. Autonomous invocation is allowed by default (platform normal), which combined with network access means the skill can perform device actions when invoked.
Assessment
This skill is internally consistent with its stated purpose (ESP32/IoT control) but review and harden a few things before use: 1) Inspect and edit config.json — replace the default api_url if you don't want data sent to the public endpoint. 2) Note MQTT is configured to skip TLS certificate verification (tls_insecure_set(True)), which is insecure for non-local/trusted networks — enable proper cert verification if using TLS or prefer plain local MQTT without TLS. 3) The CLI will read/write config.json and rules.json in the skill folder — treat those files as sensitive (they may contain device access codes). 4) Run the skill in a network-isolated environment (or firewall rules) if you plan to control production hardware. 5) Review the scripts/rwc.py source (already included) for any behavioral changes before running, and pin/verify the versions of httpx and paho-mqtt you install. If you need higher assurance, avoid using the default cloud API and only operate against devices on a trusted local network.

Like a lobster shell, security has layers — review code before you run it.

latestvk9717fcenp9wfg40enh9w1cxbd81mtd5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

RealWorldClaw — Physical World for AI Agents

Give any AI agent the ability to sense and act in the physical world.

Setup

  1. Install dependencies:
pip install httpx paho-mqtt
  1. Configure device connection in config.json (skill directory):
{
  "api_url": "https://realworldclaw-api.fly.dev/api/v1",
  "devices": [
    {
      "name": "my-esp32",
      "ip": "192.168.x.x",
      "access_code": "xxxxxxxx",
      "serial": "xxxxxxxxxxxx",
      "type": "esp32"
    }
  ]
}

Quick Start

Read sensor data

python3 scripts/rwc.py sense --device my-esp32

Returns temperature, humidity, and other connected sensor values.

Control actuator

python3 scripts/rwc.py act --device my-esp32 --action relay_on
python3 scripts/rwc.py act --device my-esp32 --action relay_off
python3 scripts/rwc.py act --device my-esp32 --action led --value '{"r":255,"g":0,"b":0}'

Create automation rule

python3 scripts/rwc.py rule add --name "cool-down" \
  --condition "temperature > 30" \
  --action "relay_on" \
  --device my-esp32

List devices and status

python3 scripts/rwc.py status
python3 scripts/rwc.py devices

Platform API (optional, for registered users)

python3 scripts/rwc.py api health
python3 scripts/rwc.py api modules
python3 scripts/rwc.py api register --username x --email x --password x

Commands Reference

CommandDescription
statusShow all device status
devicesList configured devices
sense --device NAMERead all sensors from device
act --device NAME --action ACTIONExecute actuator command
rule add/list/removeManage automation rules
api health/modules/register/loginPlatform API access
monitor --device NAME --interval 5Continuous monitoring mode

Supported Hardware

  • ESP32 / ESP32-C3 / ESP32-S3 with RWC firmware
  • Sensors: DHT22 (temp/humidity), PIR (motion), LDR (light), soil moisture
  • Actuators: Relay, Servo, LED (RGB), Buzzer
  • Communication: WiFi + MQTT (local) or HTTP (cloud API)

RWC Protocol

Devices expose capabilities via manifest. Read references/protocol.md for full spec.

Architecture

AI Agent (OpenClaw)
    ↓ skill command
RWC Skill (this)
    ↓ MQTT (local) or HTTP (cloud)
ESP32 Module
    ↓ GPIO
Physical World (sensors/actuators)

Local MQTT is preferred for low latency. Cloud API for remote access.

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…