RealWorldClaw

Warn

Audited by ClawScan on May 10, 2026.

Overview

RealWorldClaw is coherent for IoT control, but it gives an agent direct and persistent physical-device actuation using stored access codes without clear safety or approval boundaries.

Install only if you intentionally want your agent to control safe, isolated ESP32 hardware. Do not connect relays or servos to hazardous loads without independent safety interlocks. Protect config.json and access codes, require manual confirmation before actuation or monitor mode, and prefer pinned dependencies and verified device connections.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent could switch relays, move servos, or send modified commands to real hardware, potentially affecting appliances or connected equipment.

Why it was flagged

The CLI sends actuator commands to configured devices, and arbitrary JSON from --value is merged into the outgoing command without validation, expanding beyond the documented safe parameters.

Skill content

cmd = dict(ACTIONS[action_name])
if args.value:
    cmd.update(json.loads(args.value))
...
client.publish(topic, json.dumps(command))

Recommendation

Use only with safe test hardware unless explicit human approval is required for every actuation; validate command fields, restrict pins/actions, add dry-run and emergency-stop behavior, and clearly mark this as a high-impact physical-control skill.

What this means

A bad sensor reading, unsafe rule, or misunderstood condition could repeatedly trigger physical actions until the process is manually stopped.

Why it was flagged

Monitor mode continuously evaluates saved rules and automatically sends actuator commands when sensor conditions match, with no visible debounce, maximum runtime, confirmation, or safety containment.

Skill content

while True:
...
if evaluate_condition(rule["condition"], data):
    print(f"[{ts}] 🔔 Rule '{rule['name']}' triggered! Executing {rule['action']}")
    act_cmd = dict(ACTIONS.get(rule["action"], {}))
    client.send_command(act_cmd)

Recommendation

Add maximum run time, rate limits, hysteresis/debounce, per-rule approval, safe default actions, and clear user-facing warnings before enabling monitor mode.

What this means

A local network attacker or spoofed broker could be harder to detect, and device credentials or commands could be exposed or misdirected.

Why it was flagged

The skill uses the configured device access code as MQTT credentials while disabling TLS certificate verification for the connection.

Skill content

client.username_pw_set("bblp", self.code)
client.tls_set(cert_reqs=ssl.CERT_NONE)
client.tls_insecure_set(True)

Recommendation

Use verified TLS or certificate pinning where possible, protect config.json, rotate device access codes if exposed, and declare the device access code as a sensitive credential.

What this means

Future package changes or dependency-resolution issues could change behavior at install time.

Why it was flagged

The setup installs unpinned third-party packages. These packages are purpose-aligned for HTTP and MQTT access, but their versions and provenance are not locked by the artifact.

Skill content

pip install httpx paho-mqtt

Recommendation

Pin dependency versions, provide a lockfile or install spec, and document the expected package sources.