ClawHub

Accessibility Toolkit

v1.0.0

Friction-reduction patterns for agents helping humans with disabilities. Voice-first workflows, smart home templates, efficiency automation.

1· 2.9k·7 current·7 all-time
by@cgtreadw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (accessibility, smart-home, voice workflows) align with the SKILL.md content. The package.json is a harmless metadata file; there are no code files or install steps. However the README references scripts (scripts/*.py) and behavior (analyzing conversation history) that are not included; the skill is instruction-only but describes capabilities that would require access to user chat logs and smart-home integrations.
!
Instruction Scope
The instructions explicitly encourage the agent to act without confirmations ("Never require confirmation for reversible actions. Just do it.") and show automations that unlock doors on arrival. Those are coherent with accessibility goals but grant the agent authority to perform sensitive physical actions and to proactively act ("Anticipate, Don't React"). This increases risk because it instructs aggressive autonomous behavior affecting physical safety and privacy, without prescribing safety checks, authentication, or limits.
Install Mechanism
No install spec and no code files — instruction-only. That minimizes installation risk because nothing is downloaded or written to disk by an installer.
Credentials
The skill declares no required environment variables or credentials, which matches the lack of install/code. However, SKILL.md refers to analyzing conversation history and interacting with Home Assistant (locks, notifications) — those operations normally need access tokens or chat logs. The skill does not state how that access is obtained or limited, which is an omission that should be clarified before use.
Persistence & Privilege
always is false and there is no install-time persistence. The skill is user-invocable and can be invoked autonomously by the agent (platform default). Autonomous invocation combined with the instruction to act without confirmations is the primary behavioral risk, but the skill itself does not request elevated runtime persistence.
What to consider before installing
This documentation is coherent with an accessibility toolkit, but it instructs the agent to take sensitive physical actions (e.g., unlocking doors) and to act proactively without confirmations. Before installing, consider: - Do you want the agent to be allowed to unlock doors or change locks without an explicit, authenticated confirmation? If not, require confirmation for lock/unlock and other security-sensitive automations. - If the skill will analyze conversation history or control Home Assistant, ensure the agent only gets narrowly scoped tokens/log access and audit logging is enabled. - Ask the publisher to provide the actual scripts or a concrete integration plan (how chat history is accessed, what tokens are needed, and what safety checks exist). - Prefer adding rate limits, explicit authentication, multi-factor triggers for irreversible actions, and test modes that require manual approval. If you cannot get those clarifications, treat this skill as potentially risky for environments where physical safety or home security matters.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f9q47vvp1xshm4haay2x7zx80jwqq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments