蓝牙设备监控
v1.1.0蓝牙设备监控 / Bluetooth Device Monitor - 查看Mac已连接的蓝牙设备列表,支持配对、连接、断开操作
⭐ 1· 1.9k·1 current·3 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name/description (macOS Bluetooth monitor) aligns with the included shell script and SKILL.md. The script legitimately uses blueutil and system_profiler to list, connect, disconnect devices and show battery. One mismatch: registry metadata lists no required binaries, but SKILL.md and the script require the third-party CLI blueutil (brew install blueutil). This is a packaging/documentation inconsistency to fix, but not malicious.
Instruction Scope
SKILL.md instructs the agent/user to run the provided bluetooth-monitor commands and to install blueutil. The script only reads local Bluetooth state via blueutil and /usr/sbin/system_profiler and prints device names/addresses/types/battery. It does not read unrelated user files, environment variables, or send data to external endpoints.
Install Mechanism
No install spec included (instruction-only plus a bundled script). The SKILL.md suggests installing blueutil via Homebrew, which is an expected dependency and a standard package source. The skill does not download or extract arbitrary archives or install remote code.
Credentials
The skill declares no environment variables or credentials and the script does not access secrets. It only requires a local CLI (blueutil) and uses system_profiler. No disproportionate credential or env access is requested.
Persistence & Privilege
always:false and disable-model-invocation:false (normal). The skill does not modify other skills, system configs, or write persistent agent-wide settings. It runs ad-hoc commands only.
Assessment
This skill appears to do what it says: list and manage macOS Bluetooth devices using blueutil and system_profiler. Before installing/using: 1) Install blueutil from a trusted source (brew install blueutil) and verify its origin. 2) Inspect the bundled script (bluetooth-monitor.sh) yourself; it runs locally and prints device names/addresses/battery levels — these are normal Bluetooth identifiers but could be considered sensitive device info. 3) Note the packaging inconsistency: the manifest didn't declare blueutil as a required binary; ensure you install that dependency. 4) Run the script without elevated privileges (no sudo) and avoid running untrusted code. If you need higher assurance, run it in a controlled environment (separate user account or VM) and/or request the publisher to correct the metadata to list blueutil as a required dependency.Like a lobster shell, security has layers — review code before you run it.
latestvk97c4bxs6z799gwqbq4t9bsjd1807tra
License
MIT-0
Free to use, modify, and redistribute. No attribution required.