Is brianzhibo-design/realworldclaw safe?

https://github.com/openclaw/skills/tree/main/skills/brianzhibo-design/realworldclaw

91/100 SAFE

This skill provides legitimate IoT device control functionality for ESP32-based hardware through MQTT and HTTP communication. While it contains executable code and communicates with external services, the implementation appears well-structured and purpose-appropriate for IoT control.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (4)

LOW External API dependency -10

The skill communicates with an external service at https://realworldclaw-api.fly.dev/api/v1 for IoT platform functionality including user registration and device management.

LOW Executable Python script -10

The skill contains an executable Python script for IoT device control. The code appears legitimate and implements expected IoT functionality.

MEDIUM Physical device control capabilities -15

The skill is designed to control physical IoT devices including relays, servos, LEDs, and other actuators. While this is the skill's intended purpose, physical device control carries inherent safety risks if misused.

LOW Credential transmission to external service -5

The skill can send user credentials (username, email, password) to the external RealWorldClaw platform during user registration.