Skill v1.0.0
ClawScan security
xiaodu-iot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 12, 2026, 3:59 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to implement Xiaodu device control, but its metadata, runtime instructions, and scripts are inconsistent about required credentials, binaries, and filesystem locations — the omissions increase risk and require manual review before use.
- Guidance: Before installing or running this skill:
  - Inspect and verify credentials: the skill requires a Baidu/DuerOS ACCESS_TOKEN but the metadata doesn't declare it. Do not paste tokens into scripts; store them securely and confirm where the token is read from (mcporter config or env).
  - Check required tooling: ensure mcporter, jq, and npx are present and trusted. npx will fetch the 'dueros-iot-mcp' package at runtime — review that package's source before allowing it to be fetched/executed.
  - Review file writes: the scripts create/overwrite files under your home workspace (logs, device lists, and MEMORY.md). If you do not want device identifiers or control logs persisted, do not run the update scripts or run them in a sandboxed environment.
  - Confirm paths and portability: files reference inconsistent paths (~/openclaw/workspace vs $HOME/.openclaw/workspace) and use sed -i '' (macOS style) which may behave unexpectedly on Linux — test in a safe environment first.
  - Camera/resource capabilities: reference docs mention xiaodu_take_photo and push_resource_to_xiaodu (push images/audio/video). If your devices have cameras or can render resources, consider the privacy implications and ensure you trust the endpoints and tokens used.

  Recommendations for the author or maintainer before you trust this skill:
  - Add requires.env entries (e.g., ACCESS_TOKEN) and declare required binaries (mcporter, jq, npx).
  - Provide an explicit install spec or a list of runtime dependencies and the exact npm package to be installed, plus a checksum or source link for the package.
  - Make persistence explicit and optionally configurable (e.g., allow choosing workspace directory or a dry-run mode; do not silently update MEMORY.md).

  If you are unsure or cannot verify the external npm package and token handling, run the skill only in an isolated environment (VM/container) and do not provide long-lived credentials.
Review Dimensions
- Purpose & Capability (concern): The skill claims to control Xiaodu speakers and IoT devices (requires an ACCESS_TOKEN and MCP configuration), which is coherent with the included scripts. However, the declared metadata lists no required environment variables or binaries while the code clearly expects an Access Token, the mcporter CLI, jq, and npx (for dueros-iot-mcp). This mismatch (missing declarations) is disproportionate and confusing.
- Instruction Scope (concern): SKILL.md and the scripts instruct the agent to run mcporter commands and to read/write files under the user's home workspace (e.g., ~/openclaw/workspace and $HOME/.openclaw/workspace). The scripts update log files and edit a MEMORY.md file (agent memory), which could persist device information. Paths are inconsistent across files (~/openclaw/workspace vs $HOME/.openclaw/workspace). The instructions do not declare or warn about persisting potentially sensitive device identifiers or tokens.
- Install Mechanism (note): There is no install spec (instruction-only), which lowers install-time risk. However, runtime commands (scripts and config_template.json) rely on npx to fetch the 'dueros-iot-mcp' npm package and on mcporter being present; npx will download code from npm at runtime if not already installed, which is a moderate risk and should be declared. No external archive downloads or obscure URLs were found.
- Credentials (concern): The skill metadata declares no required env vars, but config_template.json and SKILL.md assume an ACCESS_TOKEN (DuerOS token) and scripts expect to use it via mcporter/npx. The primary credential is not declared. Requesting an Access Token is appropriate for the stated purpose, but the omission from requires.env is an incoherence and may lead to accidental misconfiguration or token leakage.
- Persistence & Privilege (note): always:false (good). The skill writes device lists, logs, and updates a MEMORY.md file in the user's workspace. Writing these files is plausible for a device-management skill, but the behavior is significant (persists device identifiers and logs). The skill does not ask to modify other skills or system-wide settings.
