Embodied-OS - AI Robot Control System
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Review before installing: this skill is meant to drive real robots through AI agents, but its safety scope is unclear and it also ships unrelated video-generator instructions.
Install only after reviewing the actual openclaw-embodied-os package and removing the unrelated video-generator files. Start in simulation, configure hardware safety limits and emergency stops, require explicit confirmation for physical movement, and use restricted API keys with clear rules for sensor-data sharing.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overbroad prompt could cause a connected robot to move, manipulate objects, press buttons, open doors, or otherwise affect the real world.
The skill exposes high-level AI-driven commands that can actuate real robots and manipulate the physical environment, but the artifact does not require explicit confirmation or safety checks before movement.
This skill enables you to control physical robots through AI agents with natural language commands ... agent.execute("Pick up the red cube and place it in the box")Use only in simulation or supervised test areas until the underlying package is verified, hardware safety limits are configured, and every physical action requires explicit user approval.
Users may over-trust the robot safety posture and connect real hardware before validating collision avoidance, force limits, workspace bounds, or emergency-stop behavior.
The skill makes a strong safety assurance for physical robots, but the provided artifacts are instruction-only and show optional safety examples rather than mandatory, verifiable controls.
✅ Safety System - Multi-layer safety guarantees for physical robots
Treat the safety claims as unverified until tested on the actual robot stack; require documented safety defaults, fail-safe behavior, and human supervision.
If these extra files are loaded or referenced, the agent may confuse the robot skill with a video-generation skill and run unrelated commands or dependencies.
A package for an embodied robot-control skill includes unrelated video-generator activation instructions that tell the agent when to trigger a different workflow.
name: video-generator ... AUTO-TRIGGER ... TRIGGER EXAMPLES (always use this skill for these)
Remove unrelated old skill files from the package and publish only the files needed for the embodied-os skill.
The reviewed skill text cannot confirm what the installed robot-control package will execute on the user's machine or connected robots.
Installing external packages is purpose-aligned for this framework, but versions are unpinned and no runnable package code is included in the reviewed artifacts.
pip install openclaw-embodied-os ... npm install openclaw-embodied-os ... git clone https://github.com/ZhenRobotics/openclaw-embodied-os.git
Verify the PyPI/npm/GitHub package source, pin versions or commits, and review the installed code before granting robot or credential access.
Provider keys may incur costs and could authorize model calls involving robot commands or observations.
The skill uses Anthropic/OpenAI API keys for AI-agent integration, which is expected for the stated purpose but grants access to paid provider accounts.
export ANTHROPIC_API_KEY="sk-ant-..." ... export OPENAI_API_KEY="sk-..."
Use least-privilege, dedicated API keys with spending limits and rotate them if exposed.
Camera, audio, or task context from a robot deployment could be sensitive if sent to external providers or custom agents.
The skill combines external AI-provider agents with robot perception inputs; this is core to the product, but the artifact does not spell out data boundaries.
AI Agent Layer (Claude, GPT, Custom Agents) ... Multi-Modal Perception - Vision, audio, and tactile sensing
Clarify what sensor data is transmitted to which provider, disable unnecessary modalities, and avoid using it in private spaces without consent.