Accessibility Toolkit 1.0.0
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: accessibility-toolkit-1-0-0
Version: 1.0.0
The `SKILL.md` file contains strong behavioral instructions for the AI agent, notably "Never require confirmation for reversible actions. Just do it." While framed for accessibility, this is a risky prompt injection pattern that instructs the agent to bypass a common safety mechanism (user confirmation). Additionally, the skill includes smart home templates with sensitive actions like `lock.unlock` for a front door, implying the agent's capability to perform such actions, potentially without explicit confirmation if following the aforementioned instruction. The skill also references local scripts (`scripts/friction_audit.py`, etc.) that the agent is expected to run, but their content is not provided for analysis, leaving their potential impact unknown.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could change home devices, notifications, or locks too quickly or without enough confirmation, creating safety or security problems if it misunderstands the user or the situation.
The instructions encourage acting without confirmation while also providing smart-lock automation examples. Door/security actions and similar smart-home changes are not always safely reversible and need explicit user-controlled boundaries.
"Never require confirmation for reversible actions. Just do it." ... "service: lock.unlock" ... "entity_id: lock.front_door"
Require explicit approval for smart locks, doors, security systems, medical or health-related routines, account changes, and any action that is not clearly safe and reversible. Define a strict whitelist of no-confirmation actions.
A bad sensor reading, geofence error, or misconfigured automation could unlock a door or trigger other home changes at the wrong time.
The Home Assistant example lets one presence/location trigger fan out into multiple smart-home actions, including unlocking the front door. A false location signal or automation mistake could propagate into a physical-security action.
trigger: ... entity_id: person.human ... event: enter ... action: ... service: scene.turn_on ... service: lock.unlock
Use fail-closed defaults for locks, add multiple conditions before security actions, require user confirmation where feasible, and test automations in a non-destructive mode before enabling them.
Private conversation details could be used to create reminders or automations, and misunderstood historical requests could influence future agent behavior.
Conversation history can contain sensitive personal information. The skill suggests analyzing it for recurring patterns, but does not define data scope, retention, review, or how learned patterns are approved before becoming automations.
`scripts/friction_audit.py`
Analyzes your conversation history to find repeated requests.
Limit which conversation history can be reviewed, avoid storing unnecessary summaries, and require user review before turning inferred patterns into recurring automations.
Users may assume referenced helper scripts were reviewed with this skill even though they are not included in the provided artifacts.
The skill references helper scripts, but the supplied package contains no script files and no install spec. If users obtain or run similarly named scripts elsewhere, that code is outside this review.
### `scripts/friction_audit.py` ... ### `scripts/voice_commands.py` ... ### `scripts/ha_templates.py`
Do not run external or later-provided scripts unless they are separately reviewed, sourced from a trusted location, and matched to the expected functionality.
