XiaoPai Player Control
ReviewAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward LAN remote-control skill for a XiaoPai player, but it can issue disruptive player commands such as reboot or power/delete keys, so confirm the target device and risky actions.
Use this skill only if you want the assistant to control a XiaoPai player on your trusted LAN. Verify the discovered IP/MAC matches your device, and explicitly approve disruptive actions such as reboot, power off, delete, settings changes, or screenshots. Because the source is unknown, review the included shell script before use.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The assistant could change playback, volume, navigation, power state, or reboot the XiaoPai player if the corresponding command is sent.
The skill intentionally exposes raw remote-control actions, including a disruptive reboot command. This is disclosed and purpose-aligned, but it requires careful user confirmation.
Send any remote-control button press to the player ... `RBT` will reboot the device — confirm with the user before sending.
Confirm the target device/IP before use and require explicit user approval for reboot, power-off, delete, settings, screenshot, or other disruptive key commands.
Running the helper will make the local machine connect to the specified LAN IP and send player-control requests.
The helper script runs local network commands to send HTTP/TCP requests. This is expected for the stated LAN-control purpose and is not hidden or auto-installed.
curl -s "${BASE}/xiaopai/play?videopath=${ENCODED}" ... echo "" | nc -w 2 "$IP" 9051Use the helper only on a trusted LAN, verify the IP address, and ensure local tools such as curl, nc, and python3 are available.
It is harder to verify who maintains the skill or compare it against an upstream project.
The artifacts do not provide an upstream source or homepage, which limits provenance checking. The included code is small and visible, with no remote install step shown.
Source: unknown; Homepage: none ... No install spec — this is an instruction-only skill.
Review the included files before installing and prefer a trusted source or verified repository if available.