
Reachy Mini

by afalk42 · GitHub ↗ · v1.1.0
cross-platform ⚠ suspicious
Downloads: 2020
Stars: 1
Active Installs: 3
Versions: 2
Install in OpenClaw
/install reachy-mini
Description
Control a Reachy Mini robot (by Pollen Robotics / Hugging Face) via its REST API and SSH. Use for any request involving the Reachy Mini robot — moving the head, body, or antennas; playing emotions or dances; capturing camera snapshots; adjusting volume; managing apps; checking robot status; or any physical robot interaction. The robot has a 6-DoF head, 360° body rotation, two animated antennas, a wide-angle camera (with non-disruptive WebRTC snapshot), 4-mic array, and speaker.
Usage Guidance
This skill appears to genuinely control a Reachy Mini, but pay attention to the following before installing:
  - Missing declarations: The skill metadata does NOT declare required environment variables or a primary credential, yet the scripts expect REACHY_HOST, REACHY_SSH_USER and REACHY_SSH_PASS. Treat that as a red flag — confirm where you'll store the robot host and credentials.
  - Credentials & defaults: The documentation uses a default SSH password ('root') and the scripts will use sshpass if provided. Prefer creating a dedicated, unprivileged account on the robot and using an SSH key; avoid placing a plaintext password in environment variables if possible.
  - Insecure SSH options: The scripts use StrictHostKeyChecking=no which disables host-key verification. That eases automation but makes man-in-the-middle attacks easier. If you proceed, replace sshpass/disabled host-key-checking with SSH keys and known_hosts pinning.
  - Binaries required at runtime: The scripts rely on curl, jq, ssh, scp, sshpass (optional) and on GStreamer/Python GObject for on-robot snapshots. Ensure these are present and that running them with provided credentials is acceptable in your environment.
  - Network & trust: The skill will attempt to contact whatever REACHY_HOST you configure (default is a local IP). Only install/use this skill on networks and devices you control and trust. Review the scripts (they are included) to verify they don't call any unexpected external endpoints — they only contact the robot in the provided files.
If you plan to use this skill: (1) remove or change default credentials on the robot, (2) prefer an SSH key and drop sshpass usage, (3) pin the robot's SSH host key, (4) set the required env vars explicitly and securely, and (5) audit the CLI's 'raw' and 'app-install' commands before giving the agent autonomous invocation rights.
Capability Analysis
Type: OpenClaw Skill
Name: reachy-mini
Version: 1.1.0
The skill is classified as suspicious due to the insecure handling of SSH credentials. The `scripts/reachy.sh` script uses `sshpass` to provide the `REACHY_SSH_PASS` (default 'root') on the command line when performing camera snapshots. This exposes the SSH password in plaintext within the process list of the OpenClaw agent's host, which is a significant security risk. While the intent is to control the robot, this method of credential management is highly vulnerable to local information disclosure.
Capability Assessment
Purpose & Capability
The skill's purpose (control a Reachy Mini) matches the included scripts (curl to robot REST API, SSH/scp for snapshots, GStreamer capture). However the skill metadata declares no required environment variables or credentials while the scripts clearly rely on REACHY_HOST, REACHY_SSH_USER, and REACHY_SSH_PASS (with defaults). Not declaring these required secrets/binaries is an incoherence: a robot-control skill should explicitly declare the robot host and credential requirements.
Instruction Scope
SKILL.md and the scripts instruct the agent to call the robot's REST API and to SSH/SCP into the device to capture camera frames. The scripts use sshpass, disable host-key checking (-o StrictHostKeyChecking=no), and perform scp/ssh commands — actions that access remote device credentials and copy files. These instructions stay within the claimed domain (robot control) but include insecure SSH options and implicit credential use that should be explicit and justified.
Install Mechanism
No install spec (instruction-only + shipped scripts). That reduces installer risk because nothing is downloaded at install time. The runtime does depend on external binaries (curl, ssh, scp, sshpass, jq, gstreamer/Python GObject/Gst) but no packages are installed by the skill itself.
Credentials
The skill metadata lists no required environment variables or primary credential, but SKILL.md and the scripts require REACHY_HOST, REACHY_PORT, REACHY_SSH_USER, and REACHY_SSH_PASS (defaults provided, including a default password 'root'). The scripts will use sshpass if available and will accept a password from REACHY_SSH_PASS. This is disproportionate and under-declared: any skill that performs SSH to a device should declare and justify the credentials it needs and recommend safer alternatives (SSH key, restricted user).
Persistence & Privilege
always:false (good). The skill can be invoked autonomously (platform default). Combined with the ability to use provided SSH credentials and call arbitrary API endpoints (the CLI supports raw API calls), autonomous invocation would increase blast radius — but autonomous invocation alone is not a disqualifier.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install reachy-mini
  3. After installation, invoke the skill by name or use /reachy-mini
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Updated 1.1.0 release.
  - Added `reachy-react.sh` script for contextual robot reactions integrated with heartbeat, cron, and session triggers.
  - Provides quick commands for nodding, success, alerts, reminders, idle animation, morning wake-up, goodnight routine, patrol (snapshot), directional audio tracking, and celebration dances.
  - Built-in quiet hours skip reactions automatically at night, with auto-wake and fault-tolerant behavior.
  - No changes to existing `reachy.sh` CLI or core documentation.
v1.0.0
Initial release of reachy-mini — a CLI and API toolkit for controlling a Reachy Mini robot.
  - Control the robot's head, body, and antennas with precise goto commands.
  - Play expressive emotions and fun dances using built-in animation presets.
  - Capture non-disruptive camera snapshots via SSH/WebRTC.
  - Adjust speaker/mic volume and test audio interactively.
  - Manage robot apps (start/stop/list) and check system status.
  - Access all REST endpoints directly via CLI or curl for advanced use.
  - Includes troubleshooting tips, movement guides, and environment variable setup.
Metadata
Slug reachy-mini
Version 1.1.0
License
All-time Installs 3
Active Installs 3
Total Versions 2
Frequently Asked Questions

What is Reachy Mini?

Control a Reachy Mini robot (by Pollen Robotics / Hugging Face) via its REST API and SSH. Use for any request involving the Reachy Mini robot — moving the head, body, or antennas; playing emotions or dances; capturing camera snapshots; adjusting volume; managing apps; checking robot status; or any physical robot interaction. The robot has a 6-DoF head, 360° body rotation, two animated antennas, a wide-angle camera (with non-disruptive WebRTC snapshot), 4-mic array, and speaker. It is an AI Agent Skill for Claude Code / OpenClaw, with 2020 downloads so far.

How do I install Reachy Mini?

Run "/install reachy-mini" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Reachy Mini free?

Yes, Reachy Mini is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Reachy Mini support?

Reachy Mini is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Reachy Mini?

It is built and maintained by afalk42 (@afalk42); the current version is v1.1.0.
