Mqtt Client
v1.2.2
Universal MQTT Client for OpenClaw with Node.js/mqtt.js. Enables Connection Management, Subscription Management, Message Handling and OpenClaw Integration fo...
by Sanweb @sanwebgit
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe an MQTT client and the package requires only MQTT-related configuration (broker, username, password, clientId). The code and README implement connection, subscription, publishing, triggers and health monitoring — all coherent with an MQTT client skill.
Instruction Scope
Runtime instructions and examples focus on connecting to an MQTT broker and managing topics/messages. The SKILL.md states the skill will auto-create a config entry in ~/.openclaw/openclaw.json; the library also looks for openclaw.json in several locations. This is within scope for a skill that persists its own configuration, but users should be aware it reads configuration from multiple paths and may create a config file under the user home directory.
Install Mechanism
No install spec is provided (instruction-only skill). The README instructs installing the well-known npm package 'mqtt' — no downloads from arbitrary URLs or archive extraction are present in the bundle. Code files are included in the skill package (no external installers).
Credentials
Environment variables referenced are MQTT-specific (MQTT_BROKER, MQTT_BROKER_PORT, MQTT_USERNAME, MQTT_PASSWORD, etc.). The code reads HOME for config file paths, but does not request unrelated credentials or unrelated system secrets.
Persistence & Privilege
The skill does not request always:true and is user-invocable. It documents auto-creating/updating an entry under ~/.openclaw/openclaw.json to store its enabled state and env defaults. Writing its own config is expected for a skill, but users should confirm they are comfortable with the skill creating a file under their home directory.
Assessment
This skill appears to do what it says: it's an MQTT client and uses only MQTT-related environment variables. Before installing: (1) review and confirm you trust the MQTT broker you will connect to — credentials (username/password) are sent to that broker; (2) be aware the skill may create an entry in ~/.openclaw/openclaw.json and it also reads openclaw.json from several locations (home, cwd, __dirname), so inspect those files if you care about leakage of other config; (3) install the official 'mqtt' npm package as instructed and review the included scripts/mqtt-client.js if you want to verify there are no additional network calls or file writes; (4) run the skill in a limited environment or sandbox if you plan to connect to untrusted brokers. Overall there are no strong red flags, but double-check broker/trust and the created config file before wide deployment.
