Roku Control
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: roku-control Version: 1.0.0 The OpenClaw AgentSkills skill bundle for Roku control is benign. The `SKILL.md` and `README.md` provide clear, well-documented instructions for controlling Roku devices via the local network, without any evidence of prompt injection attempts to subvert the agent's behavior or exfiltrate data. The `scripts/roku_control.py` script uses standard Python libraries (`requests`, `socket`) to implement the Roku External Control Protocol (ECP), performing network communication exclusively with local Roku devices for discovery and control. There are no indications of malicious execution, data exfiltration to external endpoints, persistence mechanisms, or obfuscation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with the wrong device or unintended command, the agent could launch apps, send text, change volume, navigate menus, or power off a Roku on the local network.
The script sends unauthenticated local HTTP POST requests to a Roku device to perform remote-control actions. This is the advertised purpose, but it can still change device state.
url = f"http://{self.roku_ip}:{ROKU_PORT}/keypress/{key}"
response = requests.post(url, timeout=5)Use it only on a trusted LAN, verify the Roku IP address, and ask the agent to confirm before disruptive actions such as power, text entry, or app launching if that matters to you.
Installing Python packages can introduce dependency risk if done from an untrusted package index or uncontrolled environment.
The skill asks the user to install an external Python package without a pinned version. The dependency is common and expected for HTTP requests, but it is still a normal supply-chain consideration.
pip3 install requests
Install dependencies from a trusted package source, preferably in an isolated environment, and pin versions if you need reproducible installs.