ClawHub

VectorClaw MCP

v1.0.4

MCP tools for Anki Vector: speech, motion, camera, sensors, and automation workflows.

1· 359·0 current·0 all-time
byrobodan@danmartinez78
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, and runtime instructions align: controlling a Vector robot via MCP reasonably requires python3, a VECTOR_SERIAL, an SDK config, and launching a Python MCP server. The listed tools (speak, drive, camera, sensors) match that purpose.
Instruction Scope
SKILL.md only instructs robot-related actions: installing the package, configuring the Vector SDK (~/.anki_vector/sdk_config.ini), setting VECTOR_SERIAL, and adding an MCP server entry. It does not ask to read unrelated system files or exfiltrate data.
Install Mechanism
Installation is via pip (vectorclaw-mcp). Using PyPI is expected for a Python MCP package but carries the normal risk that arbitrary code will be installed; the skill bundle itself contains no code to inspect, so the package should be audited (or installed in an isolated environment) before use.
Credentials
The only environment variable required is VECTOR_SERIAL, which is appropriate for addressing a particular robot. The SDK config path is expected for Vector SDK usage. No unrelated credentials or broad secrets are requested.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It relies on launching its own MCP server process (normal for this use). Autonomous invocation is allowed by default but not combined with other concerning flags.
Assessment
This skill appears to do what it claims (control a Vector robot) and only requests the robot serial and an SDK config. However, the skill bundle does not include the actual Python package (vectorclaw-mcp) — SKILL.md instructs you to pip-install it. Before installing or running the MCP server: 1) review the package source (the GitHub repo linked) or the PyPI project to inspect the code; 2) install in an isolated environment (virtualenv, container, or VM) if you don't want arbitrary code on your system; 3) know that the SDK config (~/.anki_vector/sdk_config.ini) likely contains your robot's auth info, so treat it as sensitive; and 4) only use this if you own/trust the Vector hardware and Wire-Pod setup. These checks are why confidence is medium rather than high.

Like a lobster shell, security has layers — review code before you run it.

hardwarevk97677cdqk1mz1z1nabb5ftczx82264ylatestvk97677cdqk1mz1z1nabb5ftczx82264ymcpvk97677cdqk1mz1z1nabb5ftczx82264yroboticsvk97677cdqk1mz1z1nabb5ftczx82264yvectorvk97677cdqk1mz1z1nabb5ftczx82264y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments