Peon Ping for Openclaw
PassAudited by ClawScan on May 10, 2026.
Overview
The skill is a straightforward PeonPing installer/configurator, but it does run local install commands and may execute an unpinned remote installer script.
This skill appears purpose-aligned for installing PeonPing and enabling alert sounds. Before installing, make sure you are comfortable with the agent running local shell commands, and prefer the Homebrew installation path over the curl-to-bash fallback unless you have reviewed the upstream script.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may install software and change notification/audio settings on the user’s machine when the skill is used.
The skill explicitly instructs the agent to execute local shell commands to install and configure PeonPing. This is aligned with the installer purpose, but it is still local code execution.
Run this exact flow with `exec`: ```bash brew install PeonPing/tap/peon-ping peon-ping-setup ...
Use only if you want PeonPing installed locally, and review/approve the install commands before execution.
If the upstream script changes or the source is compromised, the command could run different code than expected.
The fallback install method downloads and executes a remote script from the repository’s main branch without a pinned commit or checksum. This is disclosed and purpose-aligned, but it depends on the remote source remaining trustworthy.
curl -fsSL https://raw.githubusercontent.com/PeonPing/peon-ping/main/install.sh | bash
Prefer the Homebrew path when available, or inspect/pin the install script before running the curl-to-bash fallback.