← 返回 Skills 市场
ClawShorts
作者
cindulasai
· GitHub ↗
· v1.3.2
· MIT-0
203
总下载
1
收藏
1
当前安装
11
版本数
在 OpenClaw 中安装
/install clawshorts
功能描述
Block YouTube Shorts on Fire TV. Use when asked to check, manage, or configure YouTube Shorts limiting on Buck's Fire TV devices. Triggers on requests like "...
使用说明 (SKILL.md)
ClawShorts
YouTube Shorts limiter for Fire TV. Monitors watch time per device and auto-blocks when daily limit is reached.
Invocation
Primary entry point:
~/.openclaw/workspace/skills/clawshorts/scripts/clawshorts.sh \x3Ccommand>
Commands
| Command | When to use |
|---|---|
status |
Check today's usage, remaining quota, daemon health |
reset [IP] |
Reset today's counter (all devices or specific IP) |
start |
Start the daemon if not running |
stop |
Stop the daemon |
history [days] |
Show watch history (default 30 days) |
logs [N] |
Show last N daemon log lines (default 50) |
list |
List all configured devices with per-device config |
setup \x3CIP> [NAME] |
First-time setup for a new device |
add \x3CIP> [NAME] |
Add another Fire TV |
connect \x3CIP> |
Connect ADB to device + auto-detect screen |
enable \x3CIP> / disable \x3CIP> |
Enable/disable a device |
config [show|get|set|reset] |
View/set global or per-device config |
detect \x3CIP> |
Re-detect screen resolution via ADB, update DB |
Detection Logic
Detection requires both conditions to be true simultaneously:
- Player width \x3C 30% of screen width (configurable per-device)
- Aspect ratio \x3C 1.3 (portrait — distinguishes Shorts from 16:9 landscape previews)
- Poll interval: 3 seconds via ADB
- Shorts: ~32% screen width, 9:16 portrait (ar ~0.56)
- Regular video: ~100% screen width, 16:9 landscape (ar ~1.78)
- Home/browse: no video active
- Only actual Shorts playback counts toward limit
Configuration
All detection parameters are stored in SQLite with global defaults and per-device overrides.
Global defaults (shorts config):
| key | default | description |
|---|---|---|
shorts_width_threshold |
0.30 | player width must be \x3C this ratio of screen width |
shorts_max_aspect_ratio |
1.3 | portrait if ar \x3C this value |
shorts_fallback_height_ratio |
0.4 | fallback: player height must exceed this ratio of screen height |
shorts_delta_cap |
300 | max seconds accumulated per poll |
default_screen_width |
1920 | fallback assumed screen width |
default_screen_height |
1080 | fallback assumed screen height |
Per-device overrides — any of the above can be set per-device in the devices table. NULL = use global default.
Config commands:
shorts config # show all global defaults
shorts config get \x3Ckey> # get a specific value
shorts config set \x3Ckey> \x3Cvalue> # set global default
shorts config set \x3CIP> \x3Ccol> \x3Cvalue> # set per-device override
shorts config reset \x3CIP> # clear per-device overrides
shorts detect \x3CIP> # re-detect screen via ADB
Data Locations
- Database:
~/.clawshorts/clawshorts.db(SQLite)config— global detection defaultsdevices— per-device settings (IP, name, limit, screen size, thresholds)daily_usage— daily watch time per device
- Daemon log:
~/.clawshorts/daemon.log - LaunchAgent:
~/Library/LaunchAgents/com.fink.clawshorts.plist
Requirements
adb(Android platform tools)- Python 3
- Fire TV with ADB debugging enabled
shortssymlink at/opt/homebrew/bin/shorts(optional)
⚠️ Security Notes
ADB has no built-in authentication. Only enable ADB Debugging on a trusted, password-protected home network. Never on public WiFi. Anyone on the same network with ADB enabled can connect to your Fire TV.
This tool only accepts private IP addresses (10.x.x.x, 172.16–31.x.x, 192.168.x.x). Public IPs are rejected to prevent accidental targeting of unrelated hosts.
安全使用建议
This skill appears to implement what it claims (blocking YouTube Shorts on Fire TV via ADB) and does not contact external servers or request secrets — but there are important caveats:
- ADB is unauthenticated: only enable ADB debugging on a trusted, password-protected home network. Anyone on the same LAN could control a device with ADB enabled.
- IP validation mismatch: SKILL.md promises the tool will accept only private IPs, but the Python validator was audited as not enforcing private-range checks. Before installing, either: (a) confirm you will only add private IPs manually, or (b) patch/verify src/clawshorts/validators.py to use ipaddress.ip_address(...).is_private/is_loopback as recommended in SECURITY_AUDIT.md.
- Abrupt app termination: the daemon force-stops YouTube without an on-screen warning. If you want gentler behavior, implement a configurable grace/warning period or notification before calling 'am force-stop'.
- Installation creates user-level autostart entries and may add a symlink under /opt/homebrew/bin (may require elevated privileges). Review the LaunchAgent/systemd unit before enabling and consider adding resource limits to the plist/service.
If you decide to proceed: run the code in a test environment first, review/patch the validator to enforce private IPs, enable debug logging to observe behavior, and keep ADB disabled when not actively using the tool.
能力评估
Purpose & Capability
Name/description align with the code and required binaries: the skill uses adb + python3 to monitor Fire TV UI and force-stop YouTube when a per-device daily limit is reached. No unrelated cloud credentials or external services are requested.
Instruction Scope
SKILL.md and README claim the tool “only accepts private IP addresses”, but the Python validator (src/clawshorts/validators.py) was audited as only validating octets (0–255) and not enforcing private ranges. Bash helpers include a private-range check, but the authoritative Python path may accept public IPs. The daemon and scripts create files under ~/.clawshorts, install user LaunchAgent/systemd units, run adb commands, and can force-stop apps via ADB—these are expected for the stated purpose, but the mismatch around IP validation and the lack of a user-visible warning/grace period before force-stopping YouTube are problematic.
Install Mechanism
No remote downloads or URL installs; the package is instruction + included code files only. Installation writes files to the user home directory (~/.clawshorts) and can create a symlink in /opt/homebrew/bin and a user LaunchAgent/systemd service. No untrusted network fetches are performed by the daemon according to the audit.
Credentials
The skill requests no environment variables or external credentials (good). It requires adb and python3 and reads/writes only user-owned paths. It does create symlinks under /opt/homebrew/bin (may require privilege/sudo) and manipulates user-level services (launchctl/systemctl) — these are proportional to running a persistent local daemon but worth noting.
Persistence & Privilege
The skill persists as a user-level LaunchAgent/systemd service and includes a health-check sidecar that can kill/restart daemon processes (uses pgrep/pkill/launchctl). 'always' is false; the skill is user-invocable and can be installed to start at login. The control over process lifecycle is broad but confined to the user's account and processes matching 'clawshorts'; however pkill/pgrep usage is somewhat imprecise and could match unintended processes in rare cases.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install clawshorts - 安装完成后,直接呼叫该 Skill 的名称或使用
/clawshorts触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.3.2
Add bash-layer IP validation: validate_ip_bash() rejects public IPs in shell before calling Python. Closes the last validation gap flagged by ClawHub scanner.
v1.3.1
Security fixes: private IP validation (rejects public IPs), ADB auth warning in SKILL.md, precise process killing in cmd_stop. SECURITY_AUDIT.md added.
v1.3.0
Add metadata: declares required binaries (adb, python3). Resolves medium-confidence scanner flag about missing binary declarations.
v1.2.0
Clean re-publish after credential leak incident. No workspace files, no venv, no credentials. All defaults reconciled to DB values (width_threshold=0.30).
v1.0.5
Per-device config
v1.1.0
Per-device config with SQLite
v1.0.4
Initial public release of ClawShorts.
- Blocks YouTube Shorts on Fire TV by monitoring watch time and enforcing daily limits.
- Provides CLI commands for status, usage history, device management, and daemon control.
- Includes a background daemon, device detection logic, and SQLite data storage.
- Adds troubleshooting documentation and unit tests for device and security functionality.
v1.0.3
- Removed all source code, scripts, tests, and documentation files.
- Skill is now an empty shell with only metadata (SKILL.md) remaining.
- Functionality and usage documentation have been removed from the repository.
v1.0.2
- Revised and clarified command descriptions and usage instructions in SKILL.md.
- Improved skill invocation guidance and renamed some command explanations for consistency.
- Added more precise detection logic and data storage location details.
- Updated requirements section for clearer setup expectations.
- Added TROUBLESHOOTING.md for separate troubleshooting documentation.
v1.0.1
Block YouTube Shorts on Fire TV. Set daily limit, auto-reset, multi-device support.
v1.0.0
Block YouTube Shorts on Fire TV. Set daily limit, auto-reset, multi-device support.
元数据
常见问题
ClawShorts 是什么?
Block YouTube Shorts on Fire TV. Use when asked to check, manage, or configure YouTube Shorts limiting on Buck's Fire TV devices. Triggers on requests like "... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 203 次。
如何安装 ClawShorts?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install clawshorts」即可一键安装,无需额外配置。
ClawShorts 是免费的吗?
是的,ClawShorts 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
ClawShorts 支持哪些平台?
ClawShorts 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 ClawShorts?
由 cindulasai(@cindulasai)开发并维护,当前版本 v1.3.2。
推荐 Skills