streaming-obs-bootstrap

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches OBS scene setup, but it can expose your whole workspace over the LAN and its “dry-run” script actually starts a real OBS stream.

Use this only in a trusted network and a dedicated workspace. Before running it, back up OBS scenes, confirm the target OBS host, avoid the stream_dry_run script unless you truly intend to start streaming, and restrict or stop the overlay HTTP server after testing.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Other devices on the same network may be able to browse files from the workspace if the port is reachable.

Why it was flagged

The script starts an unauthenticated LAN-reachable HTTP server for the entire workspace directory, not only the overlay asset folder.

Skill content

nohup python3 -m http.server "$PORT" --directory "$WORKSPACE" > "$LOG" 2>&1 & ... echo "LAN base URL: http://$IP:$PORT"

Recommendation

Serve only the specific overlay directory, bind to the minimum required interface, document the exposure clearly, and stop the server after use.

What this means

A background process may keep exposing local workspace files longer than the user expects.

Why it was flagged

The server is launched in the background and can continue running after the immediate OBS setup task, with no PID file or cleanup command shown.

Skill content

nohup python3 -m http.server "$PORT" --directory "$WORKSPACE" > "$LOG" 2>&1 &

Recommendation

Add an explicit stop command, PID tracking, and user-facing instructions for shutting the overlay server down.

What this means

Running the dry-run could accidentally go live on the user's configured streaming account.

Why it was flagged

The optional dry-run helper starts real OBS streaming and then stops it, which may broadcast publicly if OBS is configured with a stream destination.

Skill content

mcporter call 'obs.start_streaming()' >/dev/null ... mcporter call 'obs.stop_streaming()' >/dev/null

Recommendation

Require an explicit confirmation or environment flag before starting streaming, and clearly warn users to disable or replace real stream keys before testing.

What this means

Users may trust the term “dry-run” and run it without realizing it can initiate a live broadcast.

Why it was flagged

The script labels the action as a dry-run while performing an actual start_streaming call.

Skill content

mcporter call 'obs.start_streaming()' >/dev/null ... echo "Dry-run stream complete (${SECONDS_ON_AIR}s)."

Recommendation

Rename the helper to indicate it starts a real stream, or change it to a recording-only/test-mode workflow.

What this means

Existing OBS scenes with those names could be deleted or replaced.

Why it was flagged

Rebuilding the scene pack intentionally removes and recreates named OBS scenes; this is aligned with the stated purpose but can overwrite existing user scene setup.

Skill content

for s in "Workspace Overlay Test" "Main Live" "Intro" ...; do
  mc "obs.remove_scene(scene_name: \"$s\")" || true
done

Recommendation

Back up OBS scenes/profiles and confirm the target OBS host before running the rebuild script.

What this means

Users may not realize which local tools and services the skill needs until commands are run.

Why it was flagged

The package declares no required binaries, while the skill and scripts rely on local tools such as mcporter, OBS WebSocket access, sqlite3, python3, and ss/nohup.

Skill content

Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.

Recommendation

Declare the required binaries/config paths and document the expected OBS/MCP setup in metadata.