Skill v1.1.2

ClawScan security

SenseRobot (元萝卜) AI chess-playing robot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 19, 2026, 12:37 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it documents and implements local HTTP control of a physical SenseRobot chess robot (mechanical arm, camera, microphone, display) and only requires curl; no unexplained credentials, external endpoints, or installs are present.
Guidance
This skill appears to do exactly what it says: control a local SenseRobot chess robot over HTTP. Before installing, confirm the robot IP (192.168.199.10) is correct and that you trust the device on your network. Be aware the skill can: (1) trigger the robot's cameras and save photos to disk, (2) record audio and save it, and (3) upload a local PNG to show on the robot display — these have privacy implications. There are no external endpoints or credentials in the package, and no install script, which reduces risk. If you want extra assurance, inspect the Python client (scripts/main.py) yourself (it only calls the documented local endpoints and uses subprocess curl for file upload) or run the skill in a network-segment isolated environment (VLAN) that limits access to other devices.

Review Dimensions

Purpose & Capability
ok: Name/description, SKILL.md, and the included Python client all align: they control a local robot through HTTP endpoints on 192.168.199.10:60010. Requested binary (curl) is justified (used for image upload); no unrelated credentials or surprising dependencies are requested.
Instruction Scope
note: Instructions direct the agent to call local robot APIs for arm movement, CV detection, TTS, take_photo, record (microphone), and show_image (upload a local PNG). These actions are consistent with the robot control purpose but involve cameras/microphone and uploading a local image file — users should be aware of privacy implications. The SKILL.md does not instruct reading arbitrary system files or external network endpoints beyond the robot's local IP.
Install Mechanism
ok: No install spec (instruction-only skill plus an included client script). This is low risk because nothing is downloaded or written as part of installation.
Credentials
ok: The skill requests no environment variables or credentials. All required access (local network to 192.168.199.10, and the curl binary) is proportional to controlling the robot. No unrelated secrets are requested.
Persistence & Privilege
ok: always is false and the skill does not request persistent/system-wide privileges or modify other skills. It can be invoked autonomously by the agent (default), which is expected for skills; this combined with no broad credential access does not raise extra concern.