← Back to Skills Marketplace
846
Downloads
2
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install bluetooth
Description
Discover, connect, and control Bluetooth devices with automatic profile learning, cross-platform tools, and device management.
README (SKILL.md)
Core Workflow
- Scan — Discover nearby devices
- Identify — Match against known profiles or learn new device
- Connect — Establish link with appropriate protocol
- Execute — Send commands, read data, manage state
- Learn — Update device profile based on interaction success/failure
Quick Reference
| Need | Load |
|---|---|
| CLI commands by platform | tools.md |
| Device profile management | profiles.md |
| Security rules and warnings | security.md |
| Patterns by use case | use-cases.md |
Workspace
Store device profiles and interaction history:
~/bluetooth/
├── profiles/ # Known device configs (one file per device)
├── history.md # Interaction log with success/failure
└── pending.md # Devices discovered but not profiled
Critical Rules
- Never auto-connect to unknown devices — require explicit user confirmation
- Whitelist first — only interact with pre-authorized devices
- Log everything — every connection attempt, command, result
- Fail gracefully — if device unreachable, retry with backoff, then report
- Profile learning — when something works, save it; when it fails, note why
Platform Detection
| OS | Primary Tool | Fallback |
|---|---|---|
| Linux | bluetoothctl |
hcitool, gatttool |
| macOS | blueutil |
system_profiler, CoreBluetooth |
| Windows | WinRT/PowerShell | pnputil for enumeration |
| Cross-platform | Bleak (Python) | Noble (Node.js) |
Device Interaction Pattern
1. Check ~/bluetooth/profiles/ for device
2. If known → load profile, use saved commands
3. If unknown → scan characteristics, discover capabilities
4. Execute requested action
5. Verify result (read state, check acknowledgment)
6. Update profile: what worked, what failed, timing
Usage Guidance
This skill is mostly coherent for managing Bluetooth devices, but review and tighten before installing.
- Contradictory security guidance: the docs both forbid storing pairing keys in plain text and instruct documenting PIN/passkeys in profiles. Decide on a single secure policy (prefer not storing secrets; if you must, encrypt them).
- Local sensitive data: profiles/history will contain MAC addresses, device names, timestamps, and possibly pairing info. Protect ~/bluetooth with restrictive file permissions (chmod 700) or avoid storing persistent secrets.
- Packet capture requires root: btmon/packet capture needs elevated privileges; only run captures in a controlled environment and delete captures when done.
- External syncs: use-cases reference pushing data to Strava/Garmin/Health but no credential handling is provided. Do not enter third-party credentials unless you understand where and how they will be stored/transmitted; prefer manual, explicit auth flows.
- Logging/privacy: 'log everything' can create a privacy risk (location tracking via MACs). If you install, configure what is logged and avoid exporting logs off-device.
- Agent autonomy: the skill is user-invocable and can be followed by the agent at runtime; if you allow autonomous agent actions, consider restricting its permissions or asking for confirmations for pairing/first connections.
What would change this assessment: if the skill included executable code or an install script that performed network calls, uploaded profiles, or requested credentials automatically, it would be higher risk. If the author supplied clear encrypted-storage guidance for secrets and an explicit, secure mechanism for external syncs (OAuth flows, scoped tokens), that would reduce concerns.
Capability Analysis
Type: OpenClaw Skill
Name: bluetooth
Version: 1.0.0
The OpenClaw Bluetooth skill bundle is classified as benign. The documentation, particularly `SKILL.md` and `security.md`, explicitly outlines strong security practices such as whitelisting, mandatory user confirmation for connections and pairing, comprehensive logging, and warnings against common Bluetooth attack vectors (e.g., not trusting device names, never sending credentials over BLE). While the skill utilizes powerful system commands like `sudo btmon` (in `tools.md` and `use-cases.md`) for legitimate diagnostic purposes like packet capture, and mentions syncing data to external services (e.g., Strava in `use-cases.md`), these capabilities are presented within the scope of the skill's stated purpose and are accompanied by clear instructions for secure and user-consented operation. There is no evidence of intentional harmful behavior, data exfiltration to unauthorized endpoints, or prompt injection designed to subvert the agent's security directives.
Capability Assessment
Purpose & Capability
Name and description (discover/connect/control Bluetooth devices) align with the provided instructions and supporting docs. The SKILL.md and tools.md reference expected platform tools (bluetoothctl, blueutil, Bleak, Noble) and workflows for profiling, scanning, and GATT interactions; nothing requested is unrelated to Bluetooth management.
Instruction Scope
Instructions explicitly direct reading/writing files under ~/bluetooth (profiles, history, pending), running local platform Bluetooth tools, and optionally capturing HCI traffic with btmon (root). They also instruct logging 'everything' and allow storing device identifiers and pairing info in profile files. Security guidance is internally contradictory (e.g., 'NEVER store pairing keys in plain text' vs. 'Document PIN/passkey in profile (if static)'). Use-cases mention syncing data to external services (Strava/Garmin) but provide no mechanism or credential handling — this could lead to accidental leakage if a user or agent follows through. Overall the instruction scope stays within Bluetooth functionality but contains risky and inconsistent privacy/security directives.
Install Mechanism
There is no install spec and no code files to write/execute; the skill is instruction-only. This is the lowest install risk (nothing is downloaded or installed by the skill itself).
Credentials
The skill declares no required environment variables or credentials, which is proportionate for a local Bluetooth helper. However, several workflows (sync to external services, pushing to Health/Strava/Garmin) imply the later need for third-party credentials; those are not declared or documented. The skill also encourages storing MAC addresses and possibly PINs in local files — sensitive data that should be handled deliberately. No direct credential exfiltration is requested, but the documentation places responsibility on the user to avoid insecure storage.
Persistence & Privilege
always:false and user-invocable:true. The skill's persistent footprint is limited to user-land files under ~/bluetooth (profiles, history). It does not request system-wide config changes or permanent elevated privileges. Packet capture guidance explicitly requires root but does not instruct the skill to obtain or store elevated tokens.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install bluetooth - After installation, invoke the skill by name or use
/bluetooth - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Bluetooth?
Discover, connect, and control Bluetooth devices with automatic profile learning, cross-platform tools, and device management. It is an AI Agent Skill for Claude Code / OpenClaw, with 846 downloads so far.
How do I install Bluetooth?
Run "/install bluetooth" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Bluetooth free?
Yes, Bluetooth is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Bluetooth support?
Bluetooth is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Bluetooth?
It is built and maintained by Iván (@ivangdavila); the current version is v1.0.0.
More Skills