Skillv0.1.0

ClawScan security

Embodied-OS - AI Robot Control System · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 7, 2026, 10:52 PM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill claims to be a unified robot OS but the package is instruction-only, requests only LLM API keys and python3 while referencing many unrelated files and other projects (video generator), which is internally inconsistent and warrants caution.
Guidance: This package is internally inconsistent: it advertises a full robot OS but only asks for LLM API keys and python3, and it contains unrelated video-generator documentation. Before installing or providing credentials, do the following: 1) Verify the publisher and the GitHub repository (https://github.com/ZhenRobotics/openclaw-embodied-os) and inspect the actual package code on PyPI/GitHub; don't trust docs alone. 2) Confirm which vendor SDKs, drivers, and device credentials are actually required for the robots you intend to control — this skill does not declare them. 3) Avoid giving full API keys to packages you haven't inspected; consider using limited-scope keys or separate accounts. 4) If you plan to install, audit the pip/npm packages (look for unexpected network calls, binaries, or extract/install scripts). 5) Because the bundle includes unrelated files (video generator), ask the maintainer why these are included or request a clean package that only contains the robot OS docs and code. 6) Run any new robot-control software in a safe, sandboxed environment and test with simulated robots before connecting real hardware. If you want, provide the link to the package code or the pip package name and I can help inspect for specific red flags.

Review Dimensions

Purpose & Capability: concernThe skill's name/description promise a 'unified robot OS' supporting multiple vendors (UR, Franka, Boston Dynamics Spot, etc.), yet the declared requirements are only python3 and LLM API keys (ANTHROPIC_API_KEY, OPENAI_API_KEY). No vendor SDKs, device credentials, network endpoints, or hardware drivers are requested or documented as required. Additionally, the bundle includes three files describing a separate 'video-generator' skill, which is unrelated to embodied robot control — suggesting packaging or intent inconsistency.
Instruction Scope: concernSKILL.md directs the agent/user to install packages (pip/npm), clone repositories, set LLM API keys, and run code that would control real-world hardware. The instructions do not show how to authenticate or securely connect to the listed robot platforms, nor do they request or document device-specific credentials/config paths. The included extra files (video-generator docs) instruct the agent to run shell scripts in a default project path and assume project directories; mixing these instructions with robot control expands scope unexpectedly. The skill also contains examples of commanding physical tasks (e.g., chemistry experiment steps) that have safety implications but no concrete safety/authentication controls in the instructions.
Install Mechanism: noteThe skill is instruction-only (no install spec in registry) which reduces immediate installation risk. SKILL.md nevertheless recommends running pip/npm installs and git clone of github.com/ZhenRobotics/openclaw-embodied-os (and other repos in included files). Because the skill does not itself include an automated install step, the security risk depends on the external packages you choose to install; those should be inspected before installing. The metadata's 'install' entry (pip install openclaw-embodied-os) is unsurprising but unverified here.
Credentials: concernRequiring both ANTHROPIC_API_KEY and OPENAI_API_KEY is coherent with supporting multiple LLM providers (Claude + GPT). However, for a robotic OS that claims to interface with vendor robots and hardware, it is surprising that no device- or vendor-specific credentials, SDK paths, or config files are requested. The presence of unrelated video-skill files that only mention OPENAI_API_KEY further highlights inconsistent environment assumptions across the bundled files.
Persistence & Privilege: okThe skill does not request always:true and is user-invocable; it does not declare any system-wide config paths or modifications. There is no evidence in SKILL.md of the skill attempting to alter other skills or the agent runtime configuration automatically.