Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Wyoming Clawdbot
v1.0.2
Wyoming Protocol bridge for Home Assistant voice assistant integration with Clawdbot.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The Python code implements a Wyoming protocol server that forwards transcripts to a local Clawdbot CLI — this is coherent with the skill name/description. However, the package metadata declares no required binaries or config paths while the code and docker-compose clearly require the 'clawdbot' CLI and access to a Clawdbot config directory (~/.clawdbot). That omission is an inconsistency.
Instruction Scope
SKILL.md instructs cloning the GitHub repo and running docker compose up. The docker-compose.yml mounts ${HOME}/.clawdbot into the container (exposes local Clawdbot credentials/config) and uses network_mode: host (opens the service to the host network). These steps are relevant for the stated purpose, but the instructions do not warn about exposing local config/tokens. Also the included repository lacks a Dockerfile (docker-compose uses 'build: .' which will fail or be confusing), which is an instruction/packaging mismatch.
Install Mechanism
This is effectively instruction-only (no formal install spec). The SKILL.md/README tell users to git clone from GitHub — GitHub is a normal source. There is no third-party archive download or obscure URL. However, the repo package includes a docker-compose that expects a build context but no Dockerfile was provided in the manifest, creating an install/runtime problem.
Credentials
The skill declares no required environment variables or config paths, yet the runtime relies on an external 'clawdbot' CLI and the user's ~/.clawdbot config (docker-compose mounts that path). Access to ~/.clawdbot likely exposes authentication tokens or keys for Clawdbot — this is proportional if you intend to bridge to your local Clawdbot, but it should be explicitly declared and documented. The omission is a notable mismatch.
Persistence & Privilege
The skill does not request always:true and does not alter other skills. But the recommended deployment uses network_mode: host and listens by default on 0.0.0.0:10600, which exposes the service to the local network/host. Running as a long-lived systemd/Docker service (as README suggests) is expected for this use-case but increases the blast radius if the service or container is misconfigured or compromised.
What to consider before installing
This package appears to implement the advertised Wyoming→Clawdbot bridge, but there are a few issues to consider before installing:
- The code calls a local 'clawdbot' CLI; make sure you have that CLI installed and understand its security model. The skill metadata did not declare this required binary.
- docker-compose.yml mounts ${HOME}/.clawdbot into the container. That directory likely contains your Clawdbot credentials/tokens — mounting it into a container gives the container full access to those secrets. Only do this if you trust the code and the runtime environment.
- The compose file specifies 'build: .' but the repository in the package does not include a Dockerfile (manifest shows none). The provided Docker instructions may fail; you may need to run the Python script directly in a venv instead.
- The service binds to 0.0.0.0 and uses host networking, exposing the Wyoming service on your LAN/host. Consider firewall rules or binding to localhost if you only want local access.
If you want to proceed, inspect the cloned repository yourself (or the upstream GitHub repo), verify the Dockerfile/build context before running containers, and examine the contents of ~/.clawdbot to understand what secrets will be exposed. If you do not trust the upstream source, run the Python script in a restricted environment (non-privileged user, no sensitive mounts) or avoid mounting your home config into the container.
Like a lobster shell, security has layers — review code before you run it.
