IoT Platform Connection
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This WIP guide is transparent about its purpose, but it connects an agent to an IoT gateway that can command devices, send messages, and run gateway tasks without documented guardrails.
Review carefully before installing or configuring. Use this only if you intentionally want Claude Code or another MCP client to interact with your OpenClaw IoT gateway. Prefer local loopback mode, avoid public exposure unless necessary, protect the gateway password, and require human approval for device commands, channel messages, and gateway agent tasks.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Once enabled, an agent with access to this MCP server may be able to operate IoT devices, send channel messages, or run gateway tasks if a prompt or mistaken tool plan triggers those actions.
These MCP tools can mutate physical/device state, send communications, and start gateway-side agent tasks. The guide does not document approval prompts, tool allowlists, target restrictions, or recovery controls.
`openclaw_device_command` | Send a command to a specific device ... `openclaw_channel_send` | Send a message through a channel ... `openclaw_agent_run` | Run an agent task on the gateway
Only enable the MCP server when you intentionally want agent control. Use tool allowlists or read-only mode if available, require manual confirmation for device commands/channel sends/agent runs, and review gateway logs.
If remote access is misconfigured or the password leaks, another client could potentially reach sensor/config data or device/channel control tools.
The skill describes exposing the MCP gateway beyond the local machine, including a public mode. Because the same gateway exposes sensor/config resources and command tools, unclear identity, origin, and permission boundaries are material.
For remote access via Tailscale: ... "url": "http://openclaw-desktop:18789/mcp" ... `Tailscale Funnel (public with auth)` ... `Publicly accessible with password authentication.`
Prefer loopback access. If remote access is necessary, use Tailscale ACLs, avoid public Funnel unless required, use a strong unique password, verify transport security, and monitor/rotate credentials.
Anyone who obtains the gateway password may be able to access the configured MCP gateway capabilities.
The guide references a gateway password for authenticated access. This is expected for the described Funnel mode, but users should recognize that it protects access to the gateway's capabilities.
Ensure the password in your MCP config matches the one in `~/.openclaw/gateway.yaml`.
Store the password only in private user-level configuration, avoid committing it to project settings, and rotate it if it may have been exposed.