← Back to Skills Marketplace
gumadeiras

roku

by Gustavo Madeira Santana · GitHub ↗ · v2.0.0
cross-platform ⚠ suspicious
2164
Downloads
0
Stars
1
Active Installs
4
Versions
Install in OpenClaw
/install roku
Description
Control Roku devices via CLI. Discovery, remote control, app launching, search, and HTTP bridge mode for real-time control.
Usage Guidance
Do not install or run this skill without further review. Specific concerns: - The package claims a Node/TypeScript CLI but the shipped files are Python; verify the actual npm package (roku-ts-cli) and whether the binary on PATH is trusted and matches the code. - The bundle contains a Telegram poller (roku-telegram.py) that requires TELEGRAM_TOKEN and will poll api.telegram.org and write commands to a local pipe. If you set TELEGRAM_TOKEN, the skill will have network access to Telegram and can receive remote commands — only provide this token if you intend that behavior. - The code expects ROKU_IP in env or will attempt discovery; it also creates /tmp/roku-control and /tmp/roku-daemon.sock for inter-process control — check permissions and who can write to these pipes to avoid unauthorized control. - SKILL.md mentions an HTTP bridge service, but no bridge implementation is present in the shipped code; do not assume the bridge exists or is safe. What to do next: 1) Inspect the actual npm package 'roku-ts-cli' (source, versions, and install scripts) before installing the declared npm package. 2) If you only want CLI control, prefer the upstream project (GitHub link) and follow its documented install (python vs npm) — confirm which runtime is required. 3) If you must try this, run it in an isolated environment (VM/container) and do not expose TELEGRAM_TOKEN or other secrets until you confirm behavior. 4) Ask the publisher for clarifications: why Node install is declared when files are Python, and why TELEGRAM_TOKEN/ROKU_IP are not declared in metadata.
Capability Analysis
Type: OpenClaw Skill Name: roku Version: 2.0.0 The skill is classified as suspicious due to two main indicators. First, the `SKILL.md` documentation describes a `roku bridge install-service` command which installs a persistent native OS service (launchd/systemd). While documented as a feature, installing persistent services is a high-risk capability that modifies the system. Second, the `roku-telegram.py` script connects to the external `api.telegram.org` endpoint using a `TELEGRAM_TOKEN` from environment variables, establishing continuous network communication with an external service. Although these actions align with the stated purpose of controlling a Roku device via a bridge or Telegram, they represent risky capabilities without clear malicious intent, pushing it beyond benign.
Capability Assessment
Purpose & Capability
The skill claims a TypeScript/Node CLI (roku-ts-cli) and the registry install uses an npm package that provides a 'roku' binary, but the packaged files are Python scripts that expect python-roku and requests. That mismatch (Node install but Python code included) is disproportionate and unexplained.
Instruction Scope
SKILL.md documents a CLI and an HTTP bridge service, but the repository files do not include an HTTP bridge implementation. Included Python daemons create /tmp/roku-control and /tmp/roku-daemon.sock and a Telegram poller that will call api.telegram.org — none of these runtime behaviours (especially Telegram polling) are declared in the skill metadata or required env vars.
Install Mechanism
Registry metadata/install spec installs the npm package 'roku-ts-cli' (moderate risk, expected for a Node CLI). However, the bundle contains Python scripts that require pip-installed dependencies (python-roku, requests) and no Python install steps are declared. This mismatch means the declared install mechanism does not provision artifacts the code needs.
Credentials
The skill declares no required env vars, but files expect ROKU_IP (used by daemon/listener/fast) and TELEGRAM_TOKEN (rok u-telegram.py will exit unless TELEGRAM_TOKEN is set). TELEGRAM_TOKEN gives outgoing network access to Telegram and is not listed in metadata; this under-reporting of credentials is a proportionality and transparency issue.
Persistence & Privilege
SKILL.md instructs how to install a persistent bridge service (launchd/systemd) and shows a --user option; the included code does spawn background daemons and creates named pipes/sockets under /tmp. The skill is not marked always:true, but it does include components that can run persistently — verify what actually installs as a service before enabling.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install roku
  3. After installation, invoke the skill by name or use /roku
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.0
Major rewrite: native bridge service, TypeScript, fast
v1.0.2
- Added explicit reference to the CLI homepage in the Setup section. - Clarified "CLI available at: https://github.com/gumadeiras/roku-cli" in documentation. - No functional changes to the skill.
v1.0.1
- Updated homepage URL to https://github.com/gumadeiras/roku-cli - Added setup note about enabling mobile app control on Roku device (found under: Settings → System → Advanced System Settings → Control by Mobile Apps → Enable)
v1.0.0
Initial release of the roku CLI skill. - Control Roku devices from the command line using python-roku. - Discover Roku devices on your local network. - Navigate menus and control playback with simple commands. - Launch and list Roku apps by name or app ID. - Enter text for search or input fields via CLI. - Check current app and device info from the command line.
Metadata
Slug roku
Version 2.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 4
Frequently Asked Questions

What is roku?

Control Roku devices via CLI. Discovery, remote control, app launching, search, and HTTP bridge mode for real-time control. It is an AI Agent Skill for Claude Code / OpenClaw, with 2164 downloads so far.

How do I install roku?

Run "/install roku" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is roku free?

Yes, roku is completely free (open-source). You can download, install and use it at no cost.

Which platforms does roku support?

roku is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created roku?

It is built and maintained by Gustavo Madeira Santana (@gumadeiras); the current version is v2.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments