← Back to Skills Marketplace

Yuzhua (驭爪) - Gesture-Controlled OpenClaw Chat

Name: Yuzhua (驭爪) - Gesture-Controlled OpenClaw Chat
Author: juguangyuan520-dotcom

by Juguangyuan · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

347

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install yuzhua

Description

Install, start, stop, and health-check Yuzhua (gesture + voice + OpenClaw gateway) with minimal manual setup.

Usage Guidance

This skill is coherent for installing and running a local Yuzhua app, but it clones and executes code from a remote GitHub repository without verifying a commit/tag or signature. Before running: (1) inspect the repository (and the repo's start.sh) to ensure it does what you expect; (2) avoid placing real secrets in .env unless you trust the upstream code; (3) prefer setting YUZHUA_REPO_URL to a vetted fork or a specific commit/tag; (4) run the install/start in a restricted environment (container or VM) if you want to limit risk; (5) ensure git, curl, and lsof are available and review output during install/start. If you cannot review the upstream repo, treat this as higher risk.

Capability Analysis

Type: OpenClaw Skill Name: yuzhua Version: 1.0.0 The skill bundle is designed to install and manage the 'Yuzhua' project by cloning its repository from GitHub and executing its local scripts. The primary security concern lies in scripts/install.sh and scripts/start.sh, which download and execute code from an external source (https://github.com/juguangyuan520-dotcom/Yuzhua.git) without any integrity checks or sandboxing. While this behavior is consistent with the skill's stated purpose, the execution of unverified remote scripts constitutes a significant supply-chain risk and a potential vector for remote code execution.

Capability Assessment

✓ Purpose & Capability

Name/description match the provided scripts and SKILL.md. The skill only implements install, start, stop, and health-check behaviour for a local Yuzhua project and uses expected options (YUZHUA_HOME, YUZHUA_REPO_URL, YUZHUA_API_URL, YUZHUA_PORT). No unrelated credentials or services are requested.

ℹ Instruction Scope

SKILL.md and scripts stay within the stated scope: install.sh clones/updates the repo and prepares .env, start.sh execs the project's own start.sh, health_check.sh queries a local HTTP status endpoint, and stop.sh kills processes on the configured port. One important note: start.sh execs the upstream project's start.sh (i.e., arbitrary code from the cloned repo will run), which is outside the skill's own review surface.

ℹ Install Mechanism

There is no packaged installer; install.sh clones from a GitHub repo (https://github.com/juguangyuan520-dotcom/Yuzhua.git). Using git+GitHub is common, but the script clones/updates and then relies on the repo's start.sh without verifying commit, tag, or signature. That creates a risk if the remote repo is malicious or compromised.

✓ Credentials

The skill declares no required credentials and only uses optional environment variables for paths, repo URL, API URL, and port. The scripts create a local .env from .env.example when present; this is reasonable for local configuration. There is no built-in exfiltration of .env in the skill itself, but the upstream project's code (run by start.sh) could access or transmit secrets in .env.

✓ Persistence & Privilege

The skill does not request elevated platform privileges, does not set always:true, and does not modify other skills or global agent configs. It performs actions only under the configured YUZHUA_HOME path.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install yuzhua
After installation, invoke the skill by name or use /yuzhua
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release of yuzhua-openclaw skill, providing easy local setup and management for Yuzhua (gesture + voice AI) via OpenClaw gateway. - Install, start, stop, and health-check Yuzhua with simple bash scripts. - Supports open/close hand gesture triggers for local voice-driven AI conversations. - Connects conversation routing through OpenClaw gateway, without modifying OpenClaw core processes. - All speech processing (recognition, VAD, TTS) runs locally. - Environment variables and simple customization for paths and repo URLs. - Scripts automate project setup, startup, status checking, and shutdown.

Metadata

Slug yuzhua

Version 1.0.0

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Yuzhua (驭爪) - Gesture-Controlled OpenClaw Chat?

Install, start, stop, and health-check Yuzhua (gesture + voice + OpenClaw gateway) with minimal manual setup. It is an AI Agent Skill for Claude Code / OpenClaw, with 347 downloads so far.

How do I install Yuzhua (驭爪) - Gesture-Controlled OpenClaw Chat?

Run "/install yuzhua" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Yuzhua (驭爪) - Gesture-Controlled OpenClaw Chat free?

Yes, Yuzhua (驭爪) - Gesture-Controlled OpenClaw Chat is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Yuzhua (驭爪) - Gesture-Controlled OpenClaw Chat support?

Yuzhua (驭爪) - Gesture-Controlled OpenClaw Chat is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Yuzhua (驭爪) - Gesture-Controlled OpenClaw Chat?

It is built and maintained by Juguangyuan (@juguangyuan520-dotcom); the current version is v1.0.0.

More Skills