v2.0.0

roku

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 4:51 AM.

Analysis

The Roku control purpose is plausible, but the artifacts include undocumented Telegram and background-control helpers with a bot token and unauthenticated local pipe, so this needs review before installation.

Guidance: Before installing, verify whether you only need the npm Roku CLI or also intend to use the Python Telegram/daemon helpers. Do not provide a Telegram bot token unless you explicitly want Telegram-based control, use a strong bridge token, restrict any local pipe or service to trusted users, and make sure background services can be stopped and uninstalled.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
metadata
Install specifications: node | package: roku-ts-cli | creates binaries: roku ... Code file presence: roku-daemon.py ... roku-telegram.py

The declared install path is an npm package, but the supplied artifact set includes Python helper scripts with different dependencies and behavior. That mismatch creates a provenance and review-scope concern.

User impact: A user may think they are installing only the documented npm Roku CLI while the artifact bundle also contains separate Python control helpers.
Recommendation: Verify which files are actually installed and invoked, and align the package metadata, README, and runtime instructions with the shipped helper code.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
roku-listener.py
PIPE_PATH = "/tmp/roku-control" ... if line.startswith("roku_"):
    btn = line.replace("roku_", "")
    if hasattr(r, btn):
        getattr(r, btn)()

A predictable local pipe can route string input into method calls on the Roku object, with no authentication or documented permission boundary in the artifact.

User impact: A local process or user that can write to the pipe could send Roku commands or invoke available no-argument Roku methods.
Recommendation: Use a private, permission-restricted socket or pipe, whitelist allowed commands, and document how local access is controlled.

Rogue Agents
Severity: Medium | Confidence: High | Status: Concern
roku-daemon.py
thread = threading.Thread(target=read_pipe, daemon=True)
thread.start()

# Keep main thread alive
try:
    while True:
        time.sleep(60)

The helper runs a persistent background loop that listens for control commands. This is separate from the documented npm CLI and is not clearly disclosed as part of the skill behavior.

User impact: A background control process could continue accepting Roku commands after the initial task unless the user knows it is running and stops it.
Recommendation: Document all background processes, provide clear start/stop/uninstall instructions, and avoid running undeclared persistent helpers.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
roku-telegram.py
TOKEN = os.environ.get("TELEGRAM_TOKEN", "") ... url = f"https://api.telegram.org/bot{TOKEN}/getUpdates"

The code requires and uses a Telegram bot token, but the registry metadata declares no environment variables or credentials, and SKILL.md does not disclose Telegram control.

User impact: Providing a Telegram bot token would grant this helper access to the bot account and enable remote command delivery through Telegram.
Recommendation: Do not provide TELEGRAM_TOKEN unless Telegram control is intended; declare this credential explicitly and document its scope and risks.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Concern
roku-telegram.py
if "callback_query" in update:
    cb = update["callback_query"]["data"]
    if cb.startswith("roku_"):
        btn = cb.replace("roku_", "")
        send_to_roku(btn)

Telegram callback data is forwarded to the Roku control pipe based only on the `roku_` prefix; the artifact shows no chat, user, or origin allowlist.

User impact: Any Telegram party able to trigger callback queries for that bot could potentially send Roku control commands.
Recommendation: Add explicit authorized chat/user checks and document who can send Telegram control commands.