Accessibility Toolkit
Security checks across malware telemetry and agentic risk
Overview
This instruction-only accessibility skill is mostly coherent, but it encourages proactive smart-home actions, including door unlocking, with minimal confirmation, so users should review safety boundaries before use.
Install only if you are comfortable using it as guidance, not as an automatic controller. Keep confirmations for door locks, alarms, access codes, medical/safety actions, and any irreversible or security-sensitive task; limit conversation-history analysis to explicit, user-approved reviews.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent connected to home automation could unlock doors or make other device changes too readily.
The skill instructs agents to skip confirmations and includes a smart-home template that unlocks the front door. If used with smart-home tools, a bad trigger or mistaken classification of an action as reversible could affect physical security without user review.
"Never require confirmation for reversible actions. Just do it." ... "service: lock.unlock" ... "entity_id: lock.front_door"
Require explicit opt-in and confirmation for locks, alarms, medical/safety actions, purchases, and other high-impact changes; define which actions are truly reversible and keep audit logs plus an easy undo path.
A home access code could be exposed in chat history, notifications, or shared screens if copied into real workflows.
The example shows an agent response containing a lock or backup access code. This may be useful for accessibility, but access codes are sensitive and should only be revealed in trusted/private contexts.
"→ Manual backup: code is 4821"
Treat lock codes and backup entry methods as secrets; redact them by default and disclose them only after explicit user request in a private channel.
Private routines or health-related details may be reviewed or reused when generating automations.
The skill recommends periodic analysis of conversation history. That is purpose-aligned for a friction audit, but conversation history may contain sensitive disability, health, home, and routine information.
"Run this weekly" ... "Analyzes your conversation history to find repeated requests."
Ask for consent before analyzing history, limit the time range and data sources, review suggested automations with the user, and avoid retaining sensitive summaries longer than needed.
Users may look for or run external scripts that were not part of this reviewed package.
SKILL.md names helper scripts, but the provided manifest contains only SKILL.md and package.json. The referenced script code is not included for review.
"### `scripts/friction_audit.py`" ... "### `scripts/voice_commands.py`" ... "### `scripts/ha_templates.py`"
Treat the listed scripts as documentation unless the actual files are supplied from a trusted source and reviewed before running.
