Kunwu Builder
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: kunwu-builder
Version: 1.0.1
The 'kunwu-builder' skill bundle is a comprehensive and legitimate integration for controlling Kunwu Builder (坤吾) industrial simulation software via its HTTP API. The core logic resides in 'kunwu-tool.js', which provides a robust wrapper for model management, robotic control, and scene manipulation. The bundle includes extensive documentation, migration guides, and numerous functional test scripts (e.g., 'test-50-rounds.js', 'test-robot-assembly.js') that demonstrate thorough development and debugging. All network communication is directed toward local or private network IP addresses (such as 192.168.x.x and 100.85.x.x), which is consistent with industrial software environments. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user does not override the endpoint, the agent could send commands or receive scene data from a non-local Kunwu Builder instance.
All API calls default to a hard-coded plaintext private/Tailscale-range address unless overridden. That creates an unclear service boundary for scene, robot, camera, model, and equipment-control traffic.
const BASE_URL = process.env.KUNWU_API_URL || 'http://100.85.119.45:16888';
Default to localhost or require the user to set KUNWU_API_URL explicitly; clearly declare the environment variable and reject non-local endpoints unless the user approves them.
A user may trust the skill as local-only while its default client can target a different private-network host.
This local-only claim conflicts with supplied code and examples that use non-local private addresses, so users may incorrectly assume the skill only talks to their own local machine.
Local access: the API only allows local connections (127.0.0.1)
Make the documentation match the code, remove hard-coded remote defaults, and prominently warn users to verify the target API URL before use.
A mistaken or overly autonomous agent action could delete models, reset scenes, or otherwise alter the Kunwu simulation unexpectedly.
The skill documents direct access to destructive model operations through a generic endpoint/data tool, with no visible confirmation gate or scoped allowlist in the supplied artifacts.
kunwu_call endpoint="/model/destroy" data='{"id":"modelId","useModeId":true}'
Require explicit user confirmation for destructive, reset, bulk, robot-motion, and equipment-control actions; prefer safer named workflows over arbitrary endpoint calls.
Using model creation may download third-party or cloud-hosted model assets into the Kunwu environment.
The model-loading workflow can cause Kunwu Builder to fetch models from a cloud source when local models are missing. This is disclosed and purpose-aligned, but users should understand the remote dependency.
`checkFromCloud: true` → if the model exists locally, it is loaded directly (fast); if it does not, it is downloaded automatically from the cloud
Use trusted model IDs, document the cloud source, and set checkFromCloud to false when a local-only workflow is required.
Running the helper script can create or modify multiple models in the configured Kunwu Builder instance.
The skill documents running local Node.js helper scripts for batch model loading. This is expected for the skill, but it is local code execution and can mutate the target scene.
node scripts/model-loader.js models.json
Run helper scripts manually after reviewing the endpoint and input JSON; the package should declare Node.js as a runtime requirement.
