Wled
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward WLED light-control skill; it can change the state of a target LED device over HTTP, so users should verify the host or alias before using it.
This skill is reasonable to install if you want an agent to control WLED devices on your network. Before using it, verify the target IP, hostname, or alias points to your intended WLED controller, since commands can immediately change lights.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the wrong host or alias is used, the agent could turn on/off or visually change the wrong WLED device.
The helper sends HTTP requests, including POST requests that change WLED device state, to the host supplied through the CLI, config, or environment. This is the stated purpose, but it is still device-control authority.
url = f"http://{host}/{endpoint}" ... wled_request(host, "json/state", "POST", {"on": state})Use explicit, trusted WLED hostnames or IP addresses, keep aliases accurate, and confirm commands that visibly change lights.
Users have less external context for verifying the publisher or upstream project.
The registry metadata does not provide an external source or homepage for provenance. The included code is small and visible, with no external dependencies, so this is a provenance note rather than a concern.
Source: unknown Homepage: none
Review the included script before installing and prefer known publishers or repositories when provenance matters.