ClawHub

dokidoki

v1.0.2

Control interactive BLE devices (scan/connect/playback/timeline) from terminal.

0· 183·0 current·0 all-time
bytryjoy@lovappencava
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill describes controlling BLE devices and only requires the 'doki' CLI plus optional audio tools; these needs match the stated functionality.
Instruction Scope
SKILL.md only instructs the agent to run doki commands and read timeline JSON files (expected for playback). It does not ask to read unrelated system files, credentials, or transmit data to external endpoints.
Install Mechanism
The SKILL.md includes an npm global install suggestion (@tryjoy/dokidoki). Installing a global npm package is a normal way to get the binary but carries moderate supply-chain risk — verify the package name/owner on the npm registry before installing.
Credentials
No environment variables, credentials, or config paths are required. The only system resources referenced are BLE hardware, audio playback tools (ffplay/afplay), and a log file in /tmp, which are proportionate to a BLE playback CLI.
Persistence & Privilege
Skill is not always-enabled and does not request elevated platform privileges or modify other skills' configs. Autonomous invocation is allowed by default (normal).
Assessment
This skill appears to be an instruction wrapper around a CLI ('doki') for controlling BLE devices. Before installing or using it: 1) Verify the 'doki' binary/package source (the SKILL.md suggests @tryjoy/dokidoki on npm) and confirm the publisher is trustworthy; 2) Installing globally with npm requires elevated permissions on some systems—avoid installing packages from unknown authors as root; 3) The tool will access Bluetooth hardware and audio playback utilities (ffplay/afplay) and writes logs to /tmp/dokidoki.log—consider whether that log may contain sensitive info and whether your system's Bluetooth policy allows this; 4) If you want extra assurance, inspect the npm package contents (or its GitHub repo) before installing to ensure no unexpected network or filesystem behavior. Overall the skill is coherent with its purpose, but standard supply-chain caution is recommended.

Like a lobster shell, security has layers — review code before you run it.

latestvk971k7j2s8qtb06qvvrr3q4jh183378p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎮 Clawdis
Binsdoki

Comments