NWO Robotics
v1.0.2Control robots and IoT devices via natural language using the NWO Robotics API for robot commands, sensor queries, vision tasks, and task planning.
⭐ 0· 123·0 current·0 all-time
byCiprian Pater@redciprianpater
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill name/description (robot & IoT control via NWO API) matches the code and declared env vars (NWO_API_KEY, NWO_USER_ID) and the HTTP endpoints used. Minor note: the README/SKILL.md/homepage mention multiple domains (nworobotics.cloud and nwo.capital) and the repository points to a HuggingFace demo — these domain/repo differences are not dangerous by themselves but warrant verification of the official API host before supplying credentials.
Instruction Scope
SKILL.md instructs the agent to set NWO_API_KEY and NWO_USER_ID and the included index.js uses those env vars and calls only the documented NWO endpoints. The instructions do not ask the agent to read unrelated files or other credentials. The code sanitizes input and limits length, and the skill's behavior (status, move, vision, IoT queries, emergency stop, etc.) aligns with the documented scope.
Install Mechanism
This is an instruction-only skill with a small index.js included; there is no install script or external download. No packages or extract/install operations are present in the bundle, so install risk is low.
Credentials
The skill requires only service-specific credentials (NWO_API_KEY and NWO_USER_ID) and an optional API URL. It requests permission to read env and make HTTP requests, which is proportional for a cloud API integration. There are no unrelated secret/env requirements.
Persistence & Privilege
The skill does not request always:true or other elevated persistence. It does not modify other skills or system-wide settings. Autonomous invocation is allowed but that is the platform default; note that giving an agent control of real robots has operational risk and should be carefully managed.
Assessment
This skill appears coherent with its stated purpose. Before installing: (1) Verify the official NWO API domain and that you obtained API keys from the legitimate provider (the package references nwo.capital and nworobotics.cloud — confirm which is correct). (2) Limit the API key's permissions if possible and use a test account first — the agent can issue real robot commands (including emergency stop), so test in a safe environment. (3) Confirm the repository/homepage ownership if you require provenance (the repo link points to a HuggingFace demo). (4) Review your OpenClaw agent policies for autonomous actions if you want to restrict automatic execution of potentially hazardous robot commands.index.js:7
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.Like a lobster shell, security has layers — review code before you run it.
actionvk973hkahavz1fw87xmxfjh33q18358mdapivk973hkahavz1fw87xmxfjh33q18358mdautomationvk973hkahavz1fw87xmxfjh33q18358mdcyberneticsvk973hkahavz1fw87xmxfjh33q18358mdedgevk973hkahavz1fw87xmxfjh33q18358mdiotvk973hkahavz1fw87xmxfjh33q18358mdlatestvk97ftypsss0bdq77c6c658ayp1836k6hlearningvk973hkahavz1fw87xmxfjh33q18358mdperceptionvk973hkahavz1fw87xmxfjh33q18358mdroboticsvk973hkahavz1fw87xmxfjh33q18358mdvisionvk973hkahavz1fw87xmxfjh33q18358md
License
MIT-0
Free to use, modify, and redistribute. No attribution required.