ReefBeat
Warn
Audited by ClawScan on May 10, 2026.
Overview
ReefBeat is transparent about local aquarium control, but it gives the agent broad unauthenticated write/delete control over real life-support equipment without built-in safety limits.
Install only if you are comfortable letting the agent control aquarium hardware. Start with info/status reads, verify IP addresses, use narrow discovery ranges, and require explicit confirmation before any POST/PUT/DELETE action, especially for pumps, dosing, top-off, firmware, reset, or cloud-related settings.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Impact: A mistaken or manipulated command could send write/delete requests to the wrong local device or service; on ReefBeat equipment, it can change critical tank settings.
Description: The CLI forwards arbitrary HTTP methods and endpoints to the provided host without validating that it is a discovered ReefBeat device or requiring confirmation for mutating methods.
Evidence:
    ip = cmd
    ...
    endpoint = args[2]
    ...
    elif action in ("get", "post", "put", "delete"):
        result = _http(ip, action, endpoint, payload)
Recommendation: Use read-only commands by default, validate targets against discovered ReefBeat devices, and require explicit user confirmation before POST, PUT, or DELETE actions.
Impact: Incorrect changes to dosing, pumps, skimmers, or auto top-off could harm aquarium livestock or cause equipment/water-management problems.
Description: The declared scope includes broad physical control of aquarium life-support functions, but the artifacts do not define safety boundaries, approvals, or rollback guidance for high-risk changes.
Evidence (from SKILL.md):
    Supports ALL actions on ALL devices — ... ReefDose (dosing/calibration/priming/supplements) ... ReefRun (return pump + skimmer control/overskimming), ReefATO+ (auto top-off/resume/volume)
Recommendation: Add safer task-specific commands, require confirmation for life-support changes, preserve current settings before writes, and avoid using raw endpoints unless the user explicitly requests them.
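The first two findings recommend the same three controls around the raw get/post/put/delete dispatch: only talk to IPs the discovery step actually found, require a human yes before any mutating method, and capture the endpoint's current state before writing so it can be restored. The wrapper below is an added example of those controls and is not the skill's code. It replaces the skill's `_http()` helper with an injected transport so it runs offline; the device IPs, the `/dose` endpoint and its `volume_ml` field are constructed for the demo, and `rollback_last` assumes an endpoint will accept its own GET body back via PUT, which has to be checked per endpoint on real hardware.

```python
import ipaddress
from typing import Callable, Dict, Iterable, List, Optional, Tuple

# Hypothetical transport signature standing in for the skill's _http() helper,
# which is not reproduced here: (ip, method, endpoint, payload) -> response dict.
Transport = Callable[[str, str, str, Optional[dict]], dict]

READ_ONLY = {"GET"}
MUTATING = {"POST", "PUT", "DELETE"}


class TargetNotDiscovered(Exception):
    """Target IP is not in the set produced by the discovery step."""


class NotConfirmed(Exception):
    """A mutating request was attempted without explicit user confirmation."""


class GuardedClient:
    """Wraps raw get/post/put/delete dispatch with three guards:
    1. the target must be a discovered ReefBeat device, never an arbitrary host;
    2. mutating methods need a yes from the confirm callback (the human, not the agent);
    3. the endpoint's current state is fetched and stored before any write.
    """

    def __init__(self, discovered: Iterable[str], transport: Transport,
                 confirm: Callable[[str], bool]) -> None:
        # Compare parsed addresses, not raw strings, so spelling differences cannot bypass the check.
        self.discovered = {str(ipaddress.ip_address(ip)) for ip in discovered}
        self.transport = transport
        self.confirm = confirm
        self.snapshots: List[Tuple[str, str, dict]] = []  # (ip, endpoint, state before write)

    def request(self, ip: str, method: str, endpoint: str,
                payload: Optional[dict] = None) -> dict:
        method = method.upper()
        ip = str(ipaddress.ip_address(ip))  # rejects hostnames and malformed input outright
        if ip not in self.discovered:
            raise TargetNotDiscovered(ip)
        if method in READ_ONLY:
            return self.transport(ip, "GET", endpoint, None)
        if method not in MUTATING:
            raise ValueError(f"unsupported method {method}")
        # Preserve current settings before the write so the change can be reverted.
        before = self.transport(ip, "GET", endpoint, None)
        prompt = f"{method} {endpoint} on {ip} with {payload!r}; current value {before!r}. Proceed?"
        if not self.confirm(prompt):
            raise NotConfirmed(prompt)
        self.snapshots.append((ip, endpoint, before))
        return self.transport(ip, method, endpoint, payload)

    def rollback_last(self) -> dict:
        # Assumption: the endpoint accepts its own GET body back via PUT. Verify per endpoint.
        ip, endpoint, before = self.snapshots.pop()
        return self.transport(ip, "PUT", endpoint, before)


def make_fake_device(state: Dict[str, dict]) -> Transport:
    """Constructed in-memory stand-in for a device, so the guard can be exercised offline."""
    def transport(ip: str, method: str, endpoint: str, payload: Optional[dict]) -> dict:
        if method == "GET":
            return dict(state.get(endpoint, {}))
        if method in ("POST", "PUT"):
            state[endpoint] = dict(payload or {})
            return {"ok": True}
        if method == "DELETE":
            state.pop(endpoint, None)
            return {"ok": True}
        raise ValueError(method)
    return transport


if __name__ == "__main__":
    # Constructed sample: one discovered device at 192.168.1.50 with a dosing setting.
    state = {"/dose": {"volume_ml": 2}}
    client = GuardedClient({"192.168.1.50"}, make_fake_device(state),
                           confirm=lambda msg: input(msg + " [y/N] ").strip().lower() == "y")
    print(client.request("192.168.1.50", "get", "/dose"))
```

The confirm callback is the point of the design: it should be wired to the user, not to the agent's own reasoning, otherwise a manipulated instruction can answer its own prompt. Reads pass straight through, so the agent can still inspect status freely.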
Impact: On an untrusted or shared network, device control depends entirely on network access and correct IP selection, not on a login or permission check.
Description: The no-auth design is disclosed and purpose-aligned, but it means any agent command that reaches the device IP has full device authority.
Evidence (from SKILL.md):
    All device control is purely local HTTP (port 80, no auth).
Recommendation: Use only on a trusted LAN, verify device IPs before acting, and consider network isolation or firewall rules for aquarium equipment.
Impact: Using an overly broad subnet could slow discovery, generate network alerts, or touch unrelated devices on the LAN.
Description: Discovery enumerates and probes every host in the supplied subnet, which is disclosed and useful, but a broad or wrong subnet could create noisy network-wide probing.
Evidence:
    net = ipaddress.ip_network(subnet, strict=False)
    ips = [str(h) for h in net.hosts()]
    ...
    Pool(min(threads, len(ips)))
Recommendation: Use a narrow subnet such as the intended /24 or provide known device IPs directly; avoid running discovery on corporate, guest, or shared networks.
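The discovery code above accepts whatever subnet it is handed and expands it to every host. A bounded version of that step, as an added example that is not the skill's own code: it keeps the same `ipaddress.ip_network(subnet, strict=False)` parsing, but refuses anything wider than a /24, anything outside the private ranges, and IPv6, and it also accepts a comma-separated list of known device IPs so no sweep is needed at all. The /24 cutoff and the private-range requirement are an assumed policy, not something the skill defines; the sample ranges are constructed.

```python
import ipaddress
from typing import List

# Assumed policy: discovery may only sweep an IPv4 private range no wider than a /24.
MAX_DISCOVERY_PREFIX = 24


class SubnetRejected(ValueError):
    """The discovery target is too broad or not a local private range."""


def discovery_targets(spec: str, max_prefix: int = MAX_DISCOVERY_PREFIX) -> List[str]:
    """Turn a user-supplied target spec into the list of IPs to probe.

    spec is either a CIDR ("192.168.1.0/24", "192.168.1.50/24") or a comma-separated
    list of known device IPs ("192.168.1.50,192.168.1.51"). Both forms are validated;
    a CIDR wider than /max_prefix, a non-private range, or IPv6 is refused.
    """
    spec = spec.strip()
    if "/" not in spec:
        # Known device IPs given directly: no sweep, just validate each one.
        targets = []
        for part in spec.split(","):
            addr = ipaddress.ip_address(part.strip())
            if addr.version != 4 or not addr.is_private:
                raise SubnetRejected(f"{addr} is not a private IPv4 address")
            targets.append(str(addr))
        return targets
    net = ipaddress.ip_network(spec, strict=False)  # same parsing the skill uses
    if net.version != 4:
        raise SubnetRejected(f"{net}: IPv4 only")
    if not net.is_private:
        raise SubnetRejected(f"{net} is not an RFC 1918 range")
    if net.prefixlen < max_prefix:
        raise SubnetRejected(f"{net} is wider than /{max_prefix}; narrow the range or list IPs")
    return [str(h) for h in net.hosts()]


if __name__ == "__main__":
    # Constructed samples: one acceptable sweep, one that would hit 16 million hosts.
    print(len(discovery_targets("192.168.1.0/24")), "hosts to probe")
    try:
        discovery_targets("10.0.0.0/8")
    except SubnetRejected as exc:
        print("refused:", exc)
```

Failing closed here is cheap: a user who really needs a wider sweep can run it twice with two /24s, whereas one accidental /8 against a corporate network is the kind of noise that triggers an alert.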
