Sphero Mini Control
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If followed, other Python programs on the machine may inherit powerful network capabilities, weakening the local security boundary.
This grants broad raw-network and network-administration capabilities to the global Python interpreter, not just to this skill or a narrowly scoped Bluetooth helper.
sudo setcap 'cap_net_raw,cap_net_admin+eip' $(which python3)
Avoid granting capabilities to the global python3 binary. Prefer the bleak-based path, OS-specific Bluetooth permissions, a dedicated virtual environment or wrapper, and document how to reverse any privilege changes.
Manual downloads from a moving branch can change over time and may not match the reviewed skill contents.
The reference documentation asks users to download unpinned source files from a raw GitHub URL, separate from the included bleak-based implementation.
curl -O https://raw.githubusercontent.com/MProx/Sphero_mini/master/sphero_mini.py
Use the included scripts where possible. If downloading external library files, inspect them first and pin to a specific commit or release.
The Sphero may bump into pets, people, furniture, stairs, or fragile objects if run in an unsafe area.
The script intentionally moves a physical robot in random directions for a fixed period, which is central to the skill but can affect the user's physical environment.
duration = 60 # 1 minute
speed = random.randint(40, 120)
heading = random.randint(0, 359)
Run movement modes only when supervised, on a clear soft surface, and after confirming the MAC/UUID points to your own Sphero.
