Back to skill
Skillv1.0.0
ClawScan security
Rdk X5 Tros · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 11, 2026, 6:41 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions, required binaries, and filesystem paths align with its stated purpose (managing preinstalled ROS2 packages on an RDK X5 device); nothing requested is disproportionate or unrelated.
- Guidance
- This is an instruction-only ROS2 helper for an RDK X5 device and appears internally consistent. Before installing, confirm you actually run on the RDK X5 platform and that /opt/tros/humble exists and contains the described packages. Be aware that using the skill's commands will start local ROS2 nodes that can access attached cameras, microphones, and other sensors — if you have privacy or safety concerns, restrict the agent's ability to execute commands or test in a controlled environment. If you expect packages from a third party, verify their provenance separately (the SKILL.md assumes preinstalled, trusted packages under /opt).
Review Dimensions
- Purpose & Capability
- okName/description ask for ROS2/TROS workflows on RDK X5 and the skill only requires ros2 and colcon and references /opt/tros/humble and typical ROS2 build/runtime flows — these are appropriate and expected.
- Instruction Scope
- okSKILL.md contains concrete ROS2 commands, launch examples, paths under /opt/tros/humble, and recommended workspace creation; it does not instruct reading unrelated system files, exfiltrating data, or contacting external endpoints. It does reference /dev/shm (for shared memory troubleshooting), which is relevant to the packages described.
- Install Mechanism
- okInstruction-only skill with no install spec and no downloads; nothing is written to disk by the skill itself — lowest-risk install model and coherent with the purpose.
- Credentials
- okNo environment variables, credentials, or unrelated config paths are requested. The lack of secrets/credentials is appropriate for a local ROS2 management skill.
- Persistence & Privilege
- okalways is false and the skill does not request persistent system-wide changes or modify other skills' configs. Autonomous invocation is allowed by default but not combined with other risky requests.