Skill v0.1.5

ClawScan security

RoomSound · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 21, 2026, 8:10 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
RoomSound's requirements and runtime instructions are consistent with its stated purpose (playing audio to speakers via yt-dlp/mpv and Bluetooth/PipeWire/PulseAudio control); nothing in the skill's manifest suggests it is trying to do unrelated or covert actions.
Guidance
RoomSound appears coherent for its purpose, but before installing or initializing it you should:
1) Be prepared to approve package installations (sudo apt install) and verify packages come from your distro's repos;
2) Expect the agent to enumerate Bluetooth devices and store MAC addresses as alias mappings; if you are privacy-conscious, decide whether you want those stored and where;
3) Confirm any automatic changes to audio sinks or default devices (wpctl/pactl) are acceptable;
4) If you prefer tighter control, run the apt installs and create the yt-dlp config yourself and only grant the agent permission to execute the playback commands;
5) If you are uncomfortable with autonomous agent actions, restrict the skill to user-invoked only or disable autonomous invocation in your agent configuration.

Review Dimensions

Purpose & Capability
ok: The skill's name/description (play audio to speakers, starting with YouTube/Bluetooth) matches the declared binaries (yt-dlp, mpv, bluetoothctl) and the apt packages suggested (yt-dlp, mpv, bluez, pulseaudio-utils). There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
note: SKILL.md instructs the agent to run local system commands (bluetoothctl, wpctl/pactl, yt-dlp, mpv), build queues, and persist speaker alias → MAC mappings and a small yt-dlp config (~/.config/yt-dlp/config). These actions are within the skill's domain, but they do involve enumerating Bluetooth devices (MAC addresses) and writing user config/agent memory; both are privacy-relevant and worth informing the user about.
Install Mechanism
ok: This is an instruction-only skill with no external installers. The only install instruction is to use the system package manager (apt) for well-known packages; no downloads from untrusted URLs or archive extraction are specified.
Credentials
ok: No environment variables or external credentials are requested. The only persisted data is local aliases and a yt-dlp config; those are proportional to the feature set but contain device identifiers (MACs), which are sensitive.
Persistence & Privilege
note: The skill will write a yt-dlp config (~/.config/yt-dlp/config) and persist alias → MAC mappings in agent memory/config, and may run apt install (requires elevated privileges). These behaviors are reasonable for speaker control, but installing packages and changing default sinks are privileged actions; the user should expect install prompts and confirm before allowing them.