ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SenseRobot元萝卜AI下棋机器人

v1.1.2

用户可以让 OpenClaw 控制元萝卜下棋机器人进行围棋取落子、机械臂移动、表情控制、语音播报、棋盘管理时使用此技能。触发词包括"元萝卜"、"下棋机器人"、"机械臂控制"。

0· 250·1 current·1 all-time
bySenseRobotClaw@senserobotclawbot
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, and the included Python client all align: they control a local robot through HTTP endpoints on 192.168.199.10:60010. Requested binary (curl) is justified (used for image upload); no unrelated credentials or surprising dependencies are requested.
Instruction Scope
Instructions direct the agent to call local robot APIs for arm movement, CV detection, TTS, take_photo, record (microphone), and show_image (upload a local PNG). These actions are consistent with the robot control purpose but involve cameras/microphone and uploading a local image file — users should be aware of privacy implications. The SKILL.md does not instruct reading arbitrary system files or external network endpoints beyond the robot's local IP.
Install Mechanism
No install spec (instruction-only skill plus an included client script). This is low risk because nothing is downloaded or written as part of installation.
Credentials
The skill requests no environment variables or credentials. All required access (local network to 192.168.199.10, and the curl binary) is proportional to controlling the robot. No unrelated secrets are requested.
Persistence & Privilege
always is false and the skill does not request persistent/system-wide privileges or modify other skills. It can be invoked autonomously by the agent (default), which is expected for skills; this combined with no broad credential access does not raise extra concern.
Assessment
This skill appears to do exactly what it says: control a local SenseRobot chess robot over HTTP. Before installing, confirm the robot IP (192.168.199.10) is correct and that you trust the device on your network. Be aware the skill can: (1) trigger the robot's cameras and save photos to disk, (2) record audio and save it, and (3) upload a local PNG to show on the robot display — these have privacy implications. There are no external endpoints or credentials in the package, and no install script, which reduces risk. If you want extra assurance, inspect the Python client (scripts/main.py) yourself (it only calls the documented local endpoints and uses subprocess curl for file upload) or run the skill in a network-segment isolated environment (VLAN) that limits access to other devices.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a6sekvtvg0x57xmsey05cyd8378x4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🤖 Clawdis
Binscurl

Comments