← Back to Skills Marketplace
2165
Downloads
0
Stars
2
Active Installs
3
Versions
Install in OpenClaw
/install wyoming-clawdbot
Description
Wyoming Protocol bridge for Home Assistant voice assistant integration with Clawdbot.
Usage Guidance
This package appears to implement the advertised Wyoming→Clawdbot bridge, but there are a few issues to consider before installing:
- The code calls a local 'clawdbot' CLI; make sure you have that CLI installed and understand its security model. The skill metadata did not declare this required binary.
- docker-compose.yml mounts ${HOME}/.clawdbot into the container. That directory likely contains your Clawdbot credentials/tokens — mounting it into a container gives the container full access to those secrets. Only do this if you trust the code and the runtime environment.
- The compose file specifies 'build: .' but the repository in the package does not include a Dockerfile (manifest shows none). The provided Docker instructions may fail; you may need to run the Python script directly in a venv instead.
- The service binds to 0.0.0.0 and uses host networking, exposing the Wyoming service on your LAN/host. Consider firewall rules or binding to localhost if you only want local access.
If you want to proceed, inspect the cloned repository yourself (or the upstream GitHub repo), verify the Dockerfile/build context before running containers, and examine the contents of ~/.clawdbot to understand what secrets will be exposed. If you do not trust the upstream source, run the Python script in a restricted environment (non-privileged user, no sensitive mounts) or avoid mounting your home config into the container.
Capability Analysis
Type: OpenClaw Skill
Name: wyoming-clawdbot
Version: 1.0.2
The skill is classified as suspicious due to several high-risk capabilities, despite lacking clear evidence of intentional malicious behavior. The `docker-compose.yml` file uses `network_mode: host`, granting the container full access to the host's network stack, and mounts `${HOME}/.clawdbot` from the host, exposing potentially sensitive configuration or credentials. Additionally, the `wyoming_clawdbot.py` script executes the `clawdbot` CLI tool using `asyncio.create_subprocess_exec` with user-controlled input (`transcript.text`), which, while implemented to mitigate direct shell injection, still represents a potential command injection vector if the `clawdbot` executable itself is vulnerable. These capabilities, while potentially necessary for the stated purpose, introduce significant security risks.
Capability Assessment
Purpose & Capability
The Python code implements a Wyoming protocol server that forwards transcripts to a local Clawdbot CLI — this is coherent with the skill name/description. However, the package metadata declares no required binaries or config paths while the code and docker-compose clearly require the 'clawdbot' CLI and access to a Clawdbot config directory (~/.clawdbot). That omission is an inconsistency.
Instruction Scope
SKILL.md instructs cloning the GitHub repo and running docker compose up. The docker-compose.yml mounts ${HOME}/.clawdbot into the container (exposes local Clawdbot credentials/config) and uses network_mode: host (opens the service to the host network). These steps are relevant for the stated purpose, but the instructions do not warn about exposing local config/tokens. Also the included repository lacks a Dockerfile (docker-compose uses 'build: .' which will fail or be confusing), which is an instruction/packaging mismatch.
Install Mechanism
This is effectively instruction-only (no formal install spec). The SKILL.md/README tell users to git clone from GitHub — GitHub is a normal source. There is no third-party archive download or obscure URL. However, the repo package includes a docker-compose that expects a build context but no Dockerfile was provided in the manifest, creating an install/runtime problem.
Credentials
The skill declares no required environment variables or config paths, yet the runtime relies on an external 'clawdbot' CLI and the user's ~/.clawdbot config (docker-compose mounts that path). Access to ~/.clawdbot likely exposes authentication tokens or keys for Clawdbot — this is proportional if you intend to bridge to your local Clawdbot, but it should be explicitly declared and documented. The omission is a notable mismatch.
Persistence & Privilege
The skill does not request always:true and does not alter other skills. But the recommended deployment uses network_mode: host and listens by default on 0.0.0.0:10600, which exposes the service to the local network/host. Running as a long-lived systemd/Docker service (as README suggests) is expected for this use-case but increases the blast radius if the service or container is misconfigured or compromised.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install wyoming-clawdbot - After installation, invoke the skill by name or use
/wyoming-clawdbot - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Use $HOME instead of hardcoded path in docker-compose.yml
v1.0.1
Use $HOME instead of hardcoded path in docker-compose.yml
v1.0.0
Initial release: Wyoming Protocol bridge for Home Assistant voice integration
Metadata
Frequently Asked Questions
What is Wyoming Clawdbot?
Wyoming Protocol bridge for Home Assistant voice assistant integration with Clawdbot. It is an AI Agent Skill for Claude Code / OpenClaw, with 2165 downloads so far.
How do I install Wyoming Clawdbot?
Run "/install wyoming-clawdbot" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Wyoming Clawdbot free?
Yes, Wyoming Clawdbot is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Wyoming Clawdbot support?
Wyoming Clawdbot is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Wyoming Clawdbot?
It is built and maintained by vglafirov (@vglafirov); the current version is v1.0.2.
More Skills