Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ma2 Control

v1.1.0

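Control skill for the grandMA2 physical console. Connects to the console over Telnet to execute commands. Used for: selecting fixtures, dimming, storing Cues, playback, queries and other MA2 operations. Trigger conditions: the user mentions MA2, grandMA2, lighting console, selecting fixtures, storing Cues, executors, etc. Commands must be executed using the ~/ma2_bridge/ma2_cmd.sh script.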

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name and description describe Telnet-based control of a grandMA2 console. Declared binaries (bash, curl, nc), required env vars (MA2_IP_EXPECTED, MA2_TELNET_PORT_EXPECTED), and the requirement to invoke ~/ma2_bridge/ma2_cmd.sh are consistent with that purpose.
Instruction Scope
The SKILL.md instructs the agent to call a local health endpoint (127.0.0.1:40100) and to execute ~/ma2_bridge/ma2_cmd.sh and, in troubleshooting, to run python3 ~/ma2_bridge/ma2_telnet_server.py. These steps are within the skill's domain (local bridge + telnet to console) but the SKILL.md references running python3 even though python3 is not listed in required binaries and no bridge code is included in the package — you should confirm the bridge scripts actually exist and are trusted. The skill does not instruct reading unrelated files or exfiltrating data to external endpoints.
Install Mechanism
Instruction-only skill with no install spec — it does not download or write code. This is the lower-risk model for skills, but it depends on an existing local ~/ma2_bridge in the user's environment which the skill does not provide.
Credentials
Required environment variables (MA2_IP_EXPECTED, MA2_TELNET_PORT_EXPECTED) are appropriate for a console-control skill. The SKILL.md also documents an optional MA2_HTTP_PORT_OVERRIDE that is not declared in requires.env, and python3 is referenced but not declared as a required binary — small documentation mismatches to verify.
Persistence & Privilege
always is false and the skill does not request any elevated or persistent platform privileges. It does not try to modify other skills or global agent settings.
Assessment
Before enabling this skill, confirm the following: (1) You have a trusted ~/ma2_bridge directory and the ma2_cmd.sh / ma2_telnet_server.py scripts are legitimate — the skill relies on those local scripts but does not include them. (2) python3 is required to run the bridge per the docs; ensure python3 is present and that any bridge server you run only connects to your intended MA2 hardware. (3) Set MA2_IP_EXPECTED and MA2_TELNET_PORT_EXPECTED correctly and restrict their values to the known console to avoid accidental commands to other hosts. (4) Because the agent may invoke this skill when certain keywords appear, consider whether you want autonomous invocation enabled for your agent (disable or restrict if you do not want the agent to send commands automatically). (5) If you cannot verify the contents of ma2_cmd.sh and the bridge server, do not enable the skill — a malicious or buggy local script could send unintended commands to lighting hardware.

Like a lobster shell, security has layers — review code before you run it.



Runtime requirements

🎛️ Clawdis
Bins: bash, curl, nc
Env: MA2_IP_EXPECTED, MA2_TELNET_PORT_EXPECTED
