← Back to Skills Marketplace
RealWorldClaw
by
brianzhibo-design
· GitHub ↗
· v0.1.0
544
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install realworldclaw
Description
Give your AI agent physical world capabilities via RealWorldClaw — control ESP32 modules, read sensors (temperature, humidity, motion), actuate relays/servos...
Usage Guidance
This skill is internally consistent with its stated purpose (ESP32/IoT control) but review and harden a few things before use: 1) Inspect and edit config.json — replace the default api_url if you don't want data sent to the public endpoint. 2) Note MQTT is configured to skip TLS certificate verification (tls_insecure_set(True)), which is insecure for non-local/trusted networks — enable proper cert verification if using TLS or prefer plain local MQTT without TLS. 3) The CLI will read/write config.json and rules.json in the skill folder — treat those files as sensitive (they may contain device access codes). 4) Run the skill in a network-isolated environment (or firewall rules) if you plan to control production hardware. 5) Review the scripts/rwc.py source (already included) for any behavioral changes before running, and pin/verify the versions of httpx and paho-mqtt you install. If you need higher assurance, avoid using the default cloud API and only operate against devices on a trusted local network.
Capability Analysis
Type: OpenClaw Skill
Name: realworldclaw
Version: 0.1.0
The skill is classified as suspicious primarily due to a critical security vulnerability in `scripts/rwc.py` where SSL certificate verification is explicitly disabled for MQTT connections (`client.tls_insecure_set(True)`). This makes local communication with ESP32 devices vulnerable to Man-in-the-Middle attacks, allowing potential interception or manipulation of sensor data and commands. Additionally, the skill, as instructed in `SKILL.md` and implemented in `scripts/rwc.py`, sends user-provided registration and login credentials (username, email, password) to an external third-party API (`https://realworldclaw-api.fly.dev/api/v1`). While this is documented as intended functionality, it represents a high-risk action requiring significant trust in the external service.
Capability Assessment
Purpose & Capability
Name/description (control ESP32 sensors/actuators, automation) align with the provided CLI code (scripts/rwc.py) and protocol spec. The commands, device config, and rule management are coherent with the claimed purpose.
Instruction Scope
Runtime instructions and the CLI only reference config.json and rules.json inside the skill directory and network calls to local device IPs or the optional cloud API. Nothing in SKILL.md or the code asks to read unrelated system files or secrets, but the skill will perform network communication (local MQTT/HTTP and an external cloud API by default).
Install Mechanism
There is no packaged install spec (instruction-only), which minimizes install-time risk. The SKILL.md recommends installing two Python packages (httpx, paho-mqtt) via pip — a common, low-friction approach. No archives or arbitrary remote code downloads are performed during installation.
Credentials
The skill requests no environment variables or external credentials in the registry metadata, which is proportional. However, it does use a default external API (https://realworldclaw-api.fly.dev) if config.json is not changed; that endpoint could receive device or telemetry data if you call the platform API commands. Also, the code will use any access_code placed in config.json for MQTT auth.
Persistence & Privilege
The skill does not request always:true or elevated agent-wide privileges. It persists only its own config.json and rules.json in the skill directory. Autonomous invocation is allowed by default (platform normal), which combined with network access means the skill can perform device actions when invoked.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install realworldclaw - After installation, invoke the skill by name or use
/realworldclaw - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release: ESP32 sensor reading, actuator control, automation rules, platform API integration
Metadata
Frequently Asked Questions
What is RealWorldClaw?
Give your AI agent physical world capabilities via RealWorldClaw — control ESP32 modules, read sensors (temperature, humidity, motion), actuate relays/servos... It is an AI Agent Skill for Claude Code / OpenClaw, with 544 downloads so far.
How do I install RealWorldClaw?
Run "/install realworldclaw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is RealWorldClaw free?
Yes, RealWorldClaw is completely free (open-source). You can download, install and use it at no cost.
Which platforms does RealWorldClaw support?
RealWorldClaw is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created RealWorldClaw?
It is built and maintained by brianzhibo-design (@brianzhibo-design); the current version is v0.1.0.
More Skills