Birdnet
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: birdnet Version: 1.0.0 The skill bundle is a legitimate wrapper for the BirdNET-Go API. It uses standard OpenClaw credential management (`~/.clawdbot/credentials/birdnet/config.json`) to configure the API URL, defaulting to a local IP. The `scripts/birdnet.sh` script uses `curl` for API interaction and `jq` for JSON parsing and output formatting. User inputs are handled safely, with `jq --arg` for search queries and explicit URL encoding (`jq -sRr @uri`) for species names, preventing injection vulnerabilities. There is no evidence of data exfiltration, malicious execution, persistence, or prompt injection against the agent in `SKILL.md`.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can retrieve and display bird detection records, timestamps, confidence scores, and weather details from the configured BirdNET-Go service.
The script reads a user-configured BirdNET-Go URL and uses curl to query detection endpoints. This network access is disclosed and purpose-aligned, but users should verify the configured URL is their intended BirdNET-Go instance.
CONFIG_FILE="$HOME/.clawdbot/credentials/birdnet/config.json" ... curl -s "$API/detections?limit=$limit"
Use this skill only with a BirdNET-Go URL you trust, preferably on your local network, and avoid pointing the config at unrelated or public services.