Kunwu Builder
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
The skill appears to control Kunwu Builder as described, but it defaults to hard-coded private HTTP API addresses and can reset or delete simulation data.
Before installing or using this skill, edit or override the API URL so it points only to your own Kunwu Builder instance, preferably localhost. Do not run the helper or test scripts until you confirm the endpoint. Treat reset, destroy, batch, robot, camera, and equipment-control actions as high-impact and require explicit confirmation.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user does not override the endpoint, the agent could send commands or receive scene data from a non-local Kunwu Builder instance.
All API calls default to a hard-coded plaintext private/Tailscale-range address unless overridden. That creates an unclear service boundary for scene, robot, camera, model, and equipment-control traffic.
const BASE_URL = process.env.KUNWU_API_URL || 'http://100.85.119.45:16888';
Default to localhost or require the user to set KUNWU_API_URL explicitly; clearly declare the environment variable and reject non-local endpoints unless the user approves them.
A user may trust the skill as local-only while its default client can target a different private-network host.
This local-only claim conflicts with supplied code and examples that use non-local private addresses, so users may incorrectly assume the skill only talks to their own local machine.
本地访问:API 仅允许本地连接(127.0.0.1)
Make the documentation match the code, remove hard-coded remote defaults, and prominently warn users to verify the target API URL before use.
A mistaken or overly autonomous agent action could delete models, reset scenes, or otherwise alter the Kunwu simulation unexpectedly.
The skill documents direct access to destructive model operations through a generic endpoint/data tool, with no visible confirmation gate or scoped allowlist in the supplied artifacts.
kunwu_call endpoint="/model/destroy" data='{"id":"modelId","useModeId":true}'Require explicit user confirmation for destructive, reset, bulk, robot-motion, and equipment-control actions; prefer safer named workflows over arbitrary endpoint calls.
Using model creation may download third-party or cloud-hosted model assets into the Kunwu environment.
The model-loading workflow can cause Kunwu Builder to fetch models from a cloud source when local models are missing. This is disclosed and purpose-aligned, but users should understand the remote dependency.
`checkFromCloud: true` → 本地有直接加载(快速),本地没有自动从云端下载
Use trusted model IDs, document the cloud source, and set checkFromCloud to false when a local-only workflow is required.
Running the helper script can create or modify multiple models in the configured Kunwu Builder instance.
The skill documents running local Node.js helper scripts for batch model loading. This is expected for the skill, but it is local code execution and can mutate the target scene.
node scripts/model-loader.js models.json
Run helper scripts manually after reviewing the endpoint and input JSON; the package should declare Node.js as a runtime requirement.