S2-SP-OS Universal Spatial Sensor Sniffer
v2.0.0
S2-SP-OS Universal Spatial Sensor Sniffer. Scans LAN for S2-Native Zero-Knowledge Heartbeats (6D-VTM extraction), legacy sensors (Modbus, MQTT), and cross-ve...
by MilesXiang @spacesq
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (LAN sensor discovery, S2 native heartbeats, Modbus/MQTT, gateway cross-check) align with required binary (python3) and the env vars declared: S2_PRIVACY_CONSENT is a reasonable guard and S2_HA_TOKEN (Home Assistant token) is relevant for gateway registry access.
Instruction Scope
SKILL.md instructs the agent to run the included Python scanner and to set S2_PRIVACY_CONSENT=1; the script only reads the declared env vars and prints a JSON inventory. The instructions do not ask the agent to read unrelated files or exfiltrate data. Note: SKILL.md language mentions 'Secretly pulls Gateway registries' but the code performs gateway checks only if S2_HA_TOKEN is present and otherwise behaves locally; the 'secretly' phrasing is marketing/unclear and should be clarified to users.
Install Mechanism
No install spec (instruction-only) which is low risk. Metadata in SKILL.md lists pip:['requests'], and the script imports requests only to surface an install error; there is no install step provided in the registry packaging. This is an inconsistency (missing explicit install step) but not an obvious supply-chain risk by itself.
Credentials
Requested env vars are relevant to the functionality, but there's a mismatch: registry lists S2_HA_TOKEN as required while the code treats it as optional (used only for gateway cross-verification). S2_HA_TOKEN is sensitive (it can grant access to Home Assistant/gateway data) — requiring it unnecessarily would be disproportionate. Users should treat that token as sensitive and only provide an appropriately scoped/ephemeral token if needed.
Persistence & Privilege
Skill is not always-enabled and does not request persistent system privileges or modify other skills. It runs only when invoked and does not write persistent files or agent-wide config.
Assessment
This skill appears to do what it says (LAN sensor discovery + optional Home Assistant cross-check). Before installing or running:
1) Review the included universal_scanner.py locally (it is small and readable) to confirm behavior.
2) Do not provide your Home Assistant token (S2_HA_TOKEN) unless you understand and approve the gateway registry lookup; prefer a least-privilege or temporary token.
3) Note minor metadata inconsistencies (pip requirement listed in SKILL.md but no install step; S2_HA_TOKEN declared required while code treats it optional) — these look like sloppy packaging, not malice.
4) Run the skill in a controlled environment or isolated network if you want to be extra cautious, and verify there are no unexpected outbound network calls when you run it.
Like a lobster shell, security has layers — review code before you run it.
latest vk9706bge8qty4p4r7dzx33ww9d83vgak
Runtime requirements
📡 Clawdis
Bins: python3
Env: S2_PRIVACY_CONSENT, S2_HA_TOKEN
