ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

soarm-control

v1.0.1

Control the robotic arm through the OpenClaw SOARM API. Use this skill when reading current joint state, moving by joint angles, moving by XYZ coordinates, o...

2· 431·0 current·0 all-time
by@yuyoujiang

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for yuyoujiang/soarm-control.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "soarm-control" (yuyoujiang/soarm-control) from ClawHub.
Skill page: https://clawhub.ai/yuyoujiang/soarm-control
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install yuyoujiang/soarm-control

ClawHub CLI

Package manager switcher

npx clawhub@latest install soarm-control
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with included code: the repository provides a local Flask API, joint/X/Y/Z motion scripts, IK via Pinocchio, and a YOLO-based detection routine. The functionality (robot control + vision) is coherent with the stated purpose.
!
Instruction Scope
SKILL.md instructs running a local server and curling endpoints on http://127.0.0.1:8000 which matches the included soarm_api.py. However the README references additional files (references/so101_new_calib.urdf and a YOLO model 'best.pt' inside scripts) that are not present in the file manifest; the SKILL.md also leaves 'prepare lerobot env' vague. The API and scripts access local hardware (serial device /dev/ttyACM0 and a camera), so running this skill will operate hardware and camera—expected for a robot-control skill but high-impact. The instructions do not document dependency installation or how model/URDF files are supplied.
!
Install Mechanism
No install spec is provided (instruction-only), but start_server.sh requires conda and a 'lerobot' conda environment. The code depends on heavy native and Python packages (pinocchio, OpenCV, ultralytics/YOLO, numpy). There is no automated install, no pinned package list, and no guidance for obtaining model weights/URDF; this mismatch increases the chance of runtime failures or manual misconfiguration.
Credentials
The skill does not request secrets or unrelated credentials. start_server.sh uses environment variables for configuration (SOARM_API_HOST/PORT, SOARM_PORT, LEROBOT_ROOT, CONDA_BIN) which are reasonable for a local hardware-control tool. No suspicious credential exfiltration is present in the visible code.
Persistence & Privilege
Flags show always:false and normal autonomous invocation. The skill does not request forced inclusion or claim to modify other skills or system-wide configuration. No persistence escalation observed.
What to consider before installing
This skill appears to implement a local SOARM robot controller (Flask API, IK, vision). Before installing: 1) Do not run the server unless you are on the machine that actually hosts the robot and camera; the code will attempt to open /dev/ttyACM0 and camera devices and will move hardware. 2) Verify the missing files referenced in SKILL.md (references/so101_new_calib.urdf and the YOLO weights 'best.pt')—they are referenced but not present in the manifest; ask the publisher where to obtain them. 3) Prepare an isolated test environment (separate machine or network) and a conda env named 'lerobot' or update start_server.sh to point to your conda; dependencies (pinocchio, ultralytics, opencv, lerobot package) must be installed manually. 4) Inspect the full soarm_api.py (the provided copy was truncated) to ensure no unexpected network endpoints or hidden behavior; confirm YOLO/model loading uses local files only. 5) If you need higher assurance, request from the publisher: (a) a complete dependency/install script, (b) the referenced URDF and model files or their trusted sources, and (c) the full untruncated source of soarm_api.py. Given missing files and lack of install guidance, treat this package as potentially unreliable or unsafe to run on production hardware until those gaps are resolved.

Like a lobster shell, security has layers — review code before you run it.

latestvk9737qp7pnjghf10rbjsdjyy2n82rd94
431downloads
2stars
2versions
Updated 11h ago
v1.0.1
MIT-0
@yuyoujiang
latest
Download

🦐 SOARM Control Skill

Use the existing SOARM API to control the robotic arm directly.

⚙️ Configuration Notes

Default Local Setup (when on same machine):

  • API Base URL: http://127.0.0.1:8000

🔍 Key APIs & Examples

Read Current State

curl -sS http://127.0.0.1:8000/joints

Returns current joint values and XYZ end-effector position.

Move To a Position By Joint Angles

curl -sS -X POST http://127.0.0.1:8000/move/joints \
  -H 'Content-Type: application/json' \
  -d '{"angles":[0,0,0,0,0,0]}'

Parameter Notes:

  • Joints order: shoulder_pan, shoulder_lift, elbow_flex, wrist_flex, wrist_roll, gripper
  • First 5 joints use degrees (deg)
  • Gripper uses 0-100 range

Fixed Positions:

Nameshoulder_panshoulder_liftelbow_flexwrist_flexwrist_rollgripper
initial0-1049565-9510
top_down0-503090-9570

Examples:

Return to initial:

curl -sS -X POST http://127.0.0.1:8000/move/joints \
  -H 'Content-Type: application/json' \
  -d '{"angles":[0,-104,95,65,-95,10]}'

Return to top_down:

curl -sS -X POST http://127.0.0.1:8000/move/joints \
  -H 'Content-Type: application/json' \
  -d '{"angles":[0,-50,30,90,-95,70]}'

Move By XYZ Coordinates

curl -sS -X POST http://127.0.0.1:8000/move/xyz \
  -H 'Content-Type: application/json' \
  -d '{"x":0.2,"y":0.0,"z":0.2}'

Parameter Notes:

  • x: forward/backward (positive = forward)
  • y: left/right (positive = left)
  • z: up/down (positive = up)
  • Values in meters

Trigger a Pick Task

curl -sS -X POST http://127.0.0.1:8000/pick

Returns:

  • ok: true if the task was accepted
  • message: 抓取任务已启动
  • Returns HTTP 409 if another pick task is already running

🐙 Quick Commands I Can Run

Return to initial position

curl -sS -X POST http://localhost:8000/move/joints \
  -H 'Content-Type: application/json' \
  -d '{"angles":[0,-104,95,65,-95,10]}'

Return to top-down position

curl -sS -X POST http://localhost:8000/move/joints \
  -H 'Content-Type: application/json' \
  -d '{"angles":[0,-50,30,90,-95,70]}'

Read current position

curl -sS http://localhost:8000/joints

🛠️ Setup Notes

When pairing your SOARM device with OpenClaw:

  1. Organize the skill directory

    ├── references
│   └── so101_new_calib.urdf  # download from TheRobotStudio 
├── scripts
│   ├── best.pt  # yolo11n model
│   ├── control_soarm_joints.py
│   ├── move_soarm_to_xyz_pinocchio.py
│   ├── read_soarm_joints.py
│   ├── soarm_api.py
│   └── start_server.sh
└── SKILL.md

  2. Perpare lerobot env

  3. Launch the server

    ~/.openclaw/workspace/skills/soarm-control 
bash scripts/start_server.sh

Comments

Loading comments...