← Back to Skills Marketplace
cindulasai

ClawShorts

by cindulasai · GitHub ↗ · v1.3.2 · MIT-0
cross-platform ⚠ suspicious
203
Downloads
1
Stars
1
Active Installs
11
Versions
Install in OpenClaw
/install clawshorts
Description
Block YouTube Shorts on Fire TV. Use when asked to check, manage, or configure YouTube Shorts limiting on Buck's Fire TV devices. Triggers on requests like "...
README (SKILL.md)

ClawShorts

YouTube Shorts limiter for Fire TV. Monitors watch time per device and auto-blocks when daily limit is reached.

Invocation

Primary entry point:

~/.openclaw/workspace/skills/clawshorts/scripts/clawshorts.sh \x3Ccommand>

Commands

Command When to use
status Check today's usage, remaining quota, daemon health
reset [IP] Reset today's counter (all devices or specific IP)
start Start the daemon if not running
stop Stop the daemon
history [days] Show watch history (default 30 days)
logs [N] Show last N daemon log lines (default 50)
list List all configured devices with per-device config
setup \x3CIP> [NAME] First-time setup for a new device
add \x3CIP> [NAME] Add another Fire TV
connect \x3CIP> Connect ADB to device + auto-detect screen
enable \x3CIP> / disable \x3CIP> Enable/disable a device
config [show|get|set|reset] View/set global or per-device config
detect \x3CIP> Re-detect screen resolution via ADB, update DB

Detection Logic

Detection requires both conditions to be true simultaneously:

  1. Player width \x3C 30% of screen width (configurable per-device)
  2. Aspect ratio \x3C 1.3 (portrait — distinguishes Shorts from 16:9 landscape previews)
  • Poll interval: 3 seconds via ADB
  • Shorts: ~32% screen width, 9:16 portrait (ar ~0.56)
  • Regular video: ~100% screen width, 16:9 landscape (ar ~1.78)
  • Home/browse: no video active
  • Only actual Shorts playback counts toward limit

Configuration

All detection parameters are stored in SQLite with global defaults and per-device overrides.

Global defaults (shorts config):

key default description
shorts_width_threshold 0.30 player width must be \x3C this ratio of screen width
shorts_max_aspect_ratio 1.3 portrait if ar \x3C this value
shorts_fallback_height_ratio 0.4 fallback: player height must exceed this ratio of screen height
shorts_delta_cap 300 max seconds accumulated per poll
default_screen_width 1920 fallback assumed screen width
default_screen_height 1080 fallback assumed screen height

Per-device overrides — any of the above can be set per-device in the devices table. NULL = use global default.

Config commands:

shorts config                    # show all global defaults
shorts config get \x3Ckey>         # get a specific value
shorts config set \x3Ckey> \x3Cvalue> # set global default
shorts config set \x3CIP> \x3Ccol> \x3Cvalue>  # set per-device override
shorts config reset \x3CIP>        # clear per-device overrides
shorts detect \x3CIP>              # re-detect screen via ADB

Data Locations

  • Database: ~/.clawshorts/clawshorts.db (SQLite)
    • config — global detection defaults
    • devices — per-device settings (IP, name, limit, screen size, thresholds)
    • daily_usage — daily watch time per device
  • Daemon log: ~/.clawshorts/daemon.log
  • LaunchAgent: ~/Library/LaunchAgents/com.fink.clawshorts.plist

Requirements

  • adb (Android platform tools)
  • Python 3
  • Fire TV with ADB debugging enabled
  • shorts symlink at /opt/homebrew/bin/shorts (optional)

⚠️ Security Notes

ADB has no built-in authentication. Only enable ADB Debugging on a trusted, password-protected home network. Never on public WiFi. Anyone on the same network with ADB enabled can connect to your Fire TV.

This tool only accepts private IP addresses (10.x.x.x, 172.16–31.x.x, 192.168.x.x). Public IPs are rejected to prevent accidental targeting of unrelated hosts.

Usage Guidance
This skill appears to implement what it claims (blocking YouTube Shorts on Fire TV via ADB) and does not contact external servers or request secrets — but there are important caveats: - ADB is unauthenticated: only enable ADB debugging on a trusted, password-protected home network. Anyone on the same LAN could control a device with ADB enabled. - IP validation mismatch: SKILL.md promises the tool will accept only private IPs, but the Python validator was audited as not enforcing private-range checks. Before installing, either: (a) confirm you will only add private IPs manually, or (b) patch/verify src/clawshorts/validators.py to use ipaddress.ip_address(...).is_private/is_loopback as recommended in SECURITY_AUDIT.md. - Abrupt app termination: the daemon force-stops YouTube without an on-screen warning. If you want gentler behavior, implement a configurable grace/warning period or notification before calling 'am force-stop'. - Installation creates user-level autostart entries and may add a symlink under /opt/homebrew/bin (may require elevated privileges). Review the LaunchAgent/systemd unit before enabling and consider adding resource limits to the plist/service. If you decide to proceed: run the code in a test environment first, review/patch the validator to enforce private IPs, enable debug logging to observe behavior, and keep ADB disabled when not actively using the tool.
Capability Assessment
Purpose & Capability
Name/description align with the code and required binaries: the skill uses adb + python3 to monitor Fire TV UI and force-stop YouTube when a per-device daily limit is reached. No unrelated cloud credentials or external services are requested.
Instruction Scope
SKILL.md and README claim the tool “only accepts private IP addresses”, but the Python validator (src/clawshorts/validators.py) was audited as only validating octets (0–255) and not enforcing private ranges. Bash helpers include a private-range check, but the authoritative Python path may accept public IPs. The daemon and scripts create files under ~/.clawshorts, install user LaunchAgent/systemd units, run adb commands, and can force-stop apps via ADB—these are expected for the stated purpose, but the mismatch around IP validation and the lack of a user-visible warning/grace period before force-stopping YouTube are problematic.
Install Mechanism
No remote downloads or URL installs; the package is instruction + included code files only. Installation writes files to the user home directory (~/.clawshorts) and can create a symlink in /opt/homebrew/bin and a user LaunchAgent/systemd service. No untrusted network fetches are performed by the daemon according to the audit.
Credentials
The skill requests no environment variables or external credentials (good). It requires adb and python3 and reads/writes only user-owned paths. It does create symlinks under /opt/homebrew/bin (may require privilege/sudo) and manipulates user-level services (launchctl/systemctl) — these are proportional to running a persistent local daemon but worth noting.
Persistence & Privilege
The skill persists as a user-level LaunchAgent/systemd service and includes a health-check sidecar that can kill/restart daemon processes (uses pgrep/pkill/launchctl). 'always' is false; the skill is user-invocable and can be installed to start at login. The control over process lifecycle is broad but confined to the user's account and processes matching 'clawshorts'; however pkill/pgrep usage is somewhat imprecise and could match unintended processes in rare cases.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install clawshorts
  3. After installation, invoke the skill by name or use /clawshorts
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.2
Add bash-layer IP validation: validate_ip_bash() rejects public IPs in shell before calling Python. Closes the last validation gap flagged by ClawHub scanner.
v1.3.1
Security fixes: private IP validation (rejects public IPs), ADB auth warning in SKILL.md, precise process killing in cmd_stop. SECURITY_AUDIT.md added.
v1.3.0
Add metadata: declares required binaries (adb, python3). Resolves medium-confidence scanner flag about missing binary declarations.
v1.2.0
Clean re-publish after credential leak incident. No workspace files, no venv, no credentials. All defaults reconciled to DB values (width_threshold=0.30).
v1.0.5
Per-device config
v1.1.0
Per-device config with SQLite
v1.0.4
Initial public release of ClawShorts. - Blocks YouTube Shorts on Fire TV by monitoring watch time and enforcing daily limits. - Provides CLI commands for status, usage history, device management, and daemon control. - Includes a background daemon, device detection logic, and SQLite data storage. - Adds troubleshooting documentation and unit tests for device and security functionality.
v1.0.3
- Removed all source code, scripts, tests, and documentation files. - Skill is now an empty shell with only metadata (SKILL.md) remaining. - Functionality and usage documentation have been removed from the repository.
v1.0.2
- Revised and clarified command descriptions and usage instructions in SKILL.md. - Improved skill invocation guidance and renamed some command explanations for consistency. - Added more precise detection logic and data storage location details. - Updated requirements section for clearer setup expectations. - Added TROUBLESHOOTING.md for separate troubleshooting documentation.
v1.0.1
Block YouTube Shorts on Fire TV. Set daily limit, auto-reset, multi-device support.
v1.0.0
Block YouTube Shorts on Fire TV. Set daily limit, auto-reset, multi-device support.
Metadata
Slug clawshorts
Version 1.3.2
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 11
Frequently Asked Questions

What is ClawShorts?

Block YouTube Shorts on Fire TV. Use when asked to check, manage, or configure YouTube Shorts limiting on Buck's Fire TV devices. Triggers on requests like "... It is an AI Agent Skill for Claude Code / OpenClaw, with 203 downloads so far.

How do I install ClawShorts?

Run "/install clawshorts" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ClawShorts free?

Yes, ClawShorts is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does ClawShorts support?

ClawShorts is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created ClawShorts?

It is built and maintained by cindulasai (@cindulasai); the current version is v1.3.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments