ClawHub

ROS2 Execution

v1.0.1

Execute ROS 2 commands (run, launch, call) in a sandboxed, allowlisted environment. Supports parameter profiles.

0· 106·0 current·0 all-time
byBrian Robinson@bigrobinson

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for bigrobinson/ros2-execution.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "ROS2 Execution" (bigrobinson/ros2-execution) from ClawHub.
Skill page: https://clawhub.ai/bigrobinson/ros2-execution
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ros2-execution

ClawHub CLI

Package manager switcher

npx clawhub@latest install ros2-execution
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description match the provided scripts and SKILL.md: the wrapper enforces an allowlist and workspace checks before invoking ros2. However the registry metadata claims no required binaries/config paths while the SKILL.md and scripts clearly require a sourced ROS 2 environment (ros2 on PATH, AMENT_PREFIX_PATH) and write/read config files under the skill directory and ~/.openclaw/workspace. This is a minor metadata inconsistency, not a functional mismatch.
Instruction Scope
Instructions and the safe_ros2_execution.py wrapper stay within the declared purpose: they read config/config.json and config/packages.json, verify package prefixes, optionally read YAML profiles from ~/.openclaw/workspace/ros_profiles, and execute ros2 commands without shell=True. A noteworthy operational risk: the wrapper sources the ROS setup.bash via a bash -c 'source ... && env' call to build the environment — sourcing a setup.bash will execute whatever is in that file (typical for ROS but a potential vector if a workspace's setup.bash is malicious). This behavior is expected for a tool that must load ROS environments.
Install Mechanism
No remote install/downloads or package installs are specified; the skill is delivered as local scripts and an SKILL.md. No high-risk installer URLs or archive extraction are present.
Credentials
The skill requests no secrets or external credentials and only needs access to ROS environment variables, skill-local config/, and optional user profile YAMLs in ~/.openclaw/workspace. That is proportionate to its purpose. Again, the registry metadata not listing required config paths/binaries is inconsistent with the scripts' runtime requirements.
Persistence & Privilege
The skill does not request 'always: true' or modify other skills; it writes a config.json under its own directory via setup.sh and reads its own config and packages.json. Model/autonomous invocation is enabled by default (disable-model-invocation: false) which is normal for user-invocable skills.
Assessment
This skill appears to do what it says: it enforces an allowlist and runs ros2 commands via a safe wrapper. Before installing, review and do the following: (1) inspect and maintain config/packages.json to ensure only trusted packages are allowlisted; (2) be aware that the wrapper sources your ROS setup.bash to capture environment variables — if a workspace's setup.bash contains unexpected code it will run when sourced, so only use workspaces you trust; (3) profiles live under ~/.openclaw/workspace/ros_profiles — keep sensitive data out of those files; (4) the registry metadata omits required binaries/config paths (ros2, AMENT_PREFIX_PATH, config/), so expect to manually ensure your ROS environment is correctly sourced and that ros2 is available; (5) if you want to limit autonomous runs, consider disabling model invocation for this skill. If you need higher assurance, manually run the provided scripts in a controlled environment and audit any setup.bash files in your workspaces before enabling the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk975vvqc576p8505m5eqshvyy984dpdg
106downloads
0stars
2versions
Updated 2w ago
v1.0.1
MIT-0
Brian Robinson@bigrobinson
latest
Download

ROS 2 Execution (Sandboxed)

Setup & Installation

Before this skill can be used, the local environment must be configured. The setup script dynamically discovers your ROS paths and approved workspaces. You can re-run the setup script at any time if you add new workspaces.

  1. Source your environment: You MUST source your ROS 2 environment and any local workspaces first in your terminal. 
    source /opt/ros/<distro>/setup.bash
source ~/my_ros_ws/install/setup.bash
  2. Run setup: 
    ./scripts/setup.sh
  3. Whitelist Packages: Edit config/packages.json to explicitly allow the packages you want the agent to execute.
  4. Parameter Profiles (Optional): Create YAML parameter files in ~/.openclaw/workspace/ros_profiles/ for quick execution using the --profile flag.

Overview

Use this skill to execute ROS 2 commands.

SECURITY CONSTRAINT: You must ALWAYS use the safe wrapper script located at ./scripts/safe_ros2_execution.py. This script performs strict security checks using Python's subprocess (no raw shell execution, preventing injection) and validates:

  1. The command type (must be run/launch/call).
  2. The package is in an approved workspace.
  3. The package is explicitly allowlisted.

Wrapper Path: Resolve ./scripts/safe_ros2_execution.py against this SKILL.md directory.

Allowed Commands

Usage: ./scripts/safe_ros2_execution.py <command> <package> <target> [--profile <name> | --params-file <path>] [extra_args]

  • Run a node: ./scripts/safe_ros2_execution.py run <pkg> <node>
  • Run a node with a Parameter Profile: ./scripts/safe_ros2_execution.py run <pkg> <node> --profile outdoor (Loads from ~/.openclaw/workspace/ros_profiles/outdoor.yaml)
  • Run a node with a specific Params File: ./scripts/safe_ros2_execution.py run <pkg> <node> --params-file /tmp/temp_params.yaml
  • Launch a file: ./scripts/safe_ros2_execution.py launch <pkg> <launch_file>
  • Call a service: ./scripts/safe_ros2_execution.py service_call <pkg> <srv_name> <srv_type> <args>
  • Send an action goal: ./scripts/safe_ros2_execution.py action_send_goal <pkg> <action_name> <action_type> <args>

Handling Parameters (--ros-args)

Avoid passing complex strings (like nested arrays or JSON dictionaries) directly in the command arguments. Instead:

  1. Write the parameters to a temporary YAML file.
  2. Use the --params-file /path/to/file.yaml flag to safely load them.
  3. For recurring setups, save the YAML file to ~/.openclaw/workspace/ros_profiles/<name>.yaml and use --profile <name>.

Comments

Loading comments...