ClawHub

Xtoys.app Webhook Controller

v1.1.2

Control xtoys.app devices via webhook. Supports precise control of various body parts for remote intimate device control.

0· 89·0 current·0 all-time
by@kasuganosora
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe webhook-based device control and the package contains a Python controller that issues HTTP requests to https://webhook.xtoys.app with action and level parameters — this matches the stated purpose. The implemented actions and CLI/API surfaces are consistent with documentation.
Instruction Scope
SKILL.md and tools.json instruct running scripts/xtoys_control.py and recommend XTOYS_WEBHOOK_ID or config.json. The runtime instructions and script operate only by reading a webhook ID and sending HTTP GET requests to the webhook host. Minor scope note: the script looks for config.json in multiple locations (relative paths, ~/.config/xtoys, /etc/xtoys) which is reasonable for config but means it will read those files if present.
Install Mechanism
No install spec or external downloads are present. Dependencies are standard Python libs (requests, urllib3) declared in requirements.txt — no high-risk installer behavior.
Credentials
The skill requires a webhook identifier (XTOYS_WEBHOOK_ID) to function; SKILL.md documents this but the registry metadata lists 'required env vars: none' — slight metadata omission. No other secrets or unrelated credentials are requested. The script reads config.json from several standard locations (including /etc and ~/.config), but only to obtain the webhook_id.
Persistence & Privilege
always is false and the skill does not request persistent system modifications or cross-skill config changes. It creates no install-time artifacts and only opens outbound HTTP connections as needed.
Assessment
This skill appears to do what it claims: read a webhook ID (from argument, env var, or config file) and send GET requests to webhook.xtoys.app with action and level. Before installing: 1) Verify the webhook domain and project source (source is listed as unknown — consider checking the GitHub repo linked in README to confirm authenticity). 2) Keep your XTOYS_WEBHOOK_ID private (anyone with it can control devices). 3) Note the script will look for config.json in ~/.config and /etc — ensure those files do not contain sensitive data you don't want read. 4) If you distrust network activity, restrict the skill's network access or test in a controlled environment. 5) Use low intensity and safeword/testing when exercising remote-control features.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dgz63tvb75y6ew2jw4y7mes83b4cr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments