Sphero Mini Control

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: sphero-mini
Version: 1.0.0

The skill is designed to control a Sphero Mini robot via Bluetooth Low Energy. All code and instructions are directly related to this stated purpose, involving BLE communication, robot movement, and LED control. There is no evidence of data exfiltration, malicious execution, persistence, or prompt injection against the agent in `SKILL.md`. While `references/examples.md` contains `curl` commands to download files and `references/troubleshooting.md` contains `sudo` commands, these are presented as manual instructions for the user in documentation, not as part of the automated skill execution or installation by the AI agent.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If followed, other Python programs on the machine may inherit powerful network capabilities, weakening the local security boundary.

Why it was flagged

This grants broad raw-network and network-administration capabilities to the global Python interpreter, not just to this skill or a narrowly scoped Bluetooth helper.

Skill content

sudo setcap 'cap_net_raw,cap_net_admin+eip' $(which python3)

Recommendation

Avoid granting capabilities to the global python3 binary. Prefer the bleak-based path, OS-specific Bluetooth permissions, a dedicated virtual environment or wrapper, and document how to reverse any privilege changes.

What this means

Manual downloads from a moving branch can change over time and may not match the reviewed skill contents.

Why it was flagged

The reference documentation asks users to download unpinned source files from a raw GitHub URL, separate from the included bleak-based implementation.

Skill content

curl -O https://raw.githubusercontent.com/MProx/Sphero_mini/master/sphero_mini.py

Recommendation

Use the included scripts where possible. If downloading external library files, inspect them first and pin to a specific commit or release.

What this means

The Sphero may bump into pets, people, furniture, stairs, or fragile objects if run in an unsafe area.

Why it was flagged

The script intentionally moves a physical robot in random directions for a fixed period, which is central to the skill but can affect the user's physical environment.

Skill content

duration = 60  # 1 minute
speed = random.randint(40, 120)
heading = random.randint(0, 359)

Recommendation

Run movement modes only when supervised, on a clear soft surface, and after confirming the MAC/UUID points to your own Sphero.