← 返回 Skills 市场

roku

Name: roku
Author: gumadeiras

作者 Gustavo Madeira Santana · GitHub ↗ · v2.0.0

cross-platform ⚠ suspicious

2164

总下载

当前安装

版本数

在 OpenClaw 中安装

/install roku

功能描述

Control Roku devices via CLI. Discovery, remote control, app launching, search, and HTTP bridge mode for real-time control.

安全使用建议

Do not install or run this skill without further review. Specific concerns: - The package claims a Node/TypeScript CLI but the shipped files are Python; verify the actual npm package (roku-ts-cli) and whether the binary on PATH is trusted and matches the code. - The bundle contains a Telegram poller (roku-telegram.py) that requires TELEGRAM_TOKEN and will poll api.telegram.org and write commands to a local pipe. If you set TELEGRAM_TOKEN, the skill will have network access to Telegram and can receive remote commands — only provide this token if you intend that behavior. - The code expects ROKU_IP in env or will attempt discovery; it also creates /tmp/roku-control and /tmp/roku-daemon.sock for inter-process control — check permissions and who can write to these pipes to avoid unauthorized control. - SKILL.md mentions an HTTP bridge service, but no bridge implementation is present in the shipped code; do not assume the bridge exists or is safe. What to do next: 1) Inspect the actual npm package 'roku-ts-cli' (source, versions, and install scripts) before installing the declared npm package. 2) If you only want CLI control, prefer the upstream project (GitHub link) and follow its documented install (python vs npm) — confirm which runtime is required. 3) If you must try this, run it in an isolated environment (VM/container) and do not expose TELEGRAM_TOKEN or other secrets until you confirm behavior. 4) Ask the publisher for clarifications: why Node install is declared when files are Python, and why TELEGRAM_TOKEN/ROKU_IP are not declared in metadata.

功能分析

Type: OpenClaw Skill Name: roku Version: 2.0.0 The skill is classified as suspicious due to two main indicators. First, the `SKILL.md` documentation describes a `roku bridge install-service` command which installs a persistent native OS service (launchd/systemd). While documented as a feature, installing persistent services is a high-risk capability that modifies the system. Second, the `roku-telegram.py` script connects to the external `api.telegram.org` endpoint using a `TELEGRAM_TOKEN` from environment variables, establishing continuous network communication with an external service. Although these actions align with the stated purpose of controlling a Roku device via a bridge or Telegram, they represent risky capabilities without clear malicious intent, pushing it beyond benign.

能力评估

⚠ Purpose & Capability

The skill claims a TypeScript/Node CLI (roku-ts-cli) and the registry install uses an npm package that provides a 'roku' binary, but the packaged files are Python scripts that expect python-roku and requests. That mismatch (Node install but Python code included) is disproportionate and unexplained.

⚠ Instruction Scope

SKILL.md documents a CLI and an HTTP bridge service, but the repository files do not include an HTTP bridge implementation. Included Python daemons create /tmp/roku-control and /tmp/roku-daemon.sock and a Telegram poller that will call api.telegram.org — none of these runtime behaviours (especially Telegram polling) are declared in the skill metadata or required env vars.

⚠ Install Mechanism

Registry metadata/install spec installs the npm package 'roku-ts-cli' (moderate risk, expected for a Node CLI). However, the bundle contains Python scripts that require pip-installed dependencies (python-roku, requests) and no Python install steps are declared. This mismatch means the declared install mechanism does not provision artifacts the code needs.

⚠ Credentials

The skill declares no required env vars, but files expect ROKU_IP (used by daemon/listener/fast) and TELEGRAM_TOKEN (rok u-telegram.py will exit unless TELEGRAM_TOKEN is set). TELEGRAM_TOKEN gives outgoing network access to Telegram and is not listed in metadata; this under-reporting of credentials is a proportionality and transparency issue.

ℹ Persistence & Privilege

SKILL.md instructs how to install a persistent bridge service (launchd/systemd) and shows a --user option; the included code does spawn background daemons and creates named pipes/sockets under /tmp. The skill is not marked always:true, but it does include components that can run persistently — verify what actually installs as a service before enabling.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install roku
安装完成后，直接呼叫该 Skill 的名称或使用 /roku 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v2.0.0

Major rewrite: native bridge service, TypeScript, fast

v1.0.2

- Added explicit reference to the CLI homepage in the Setup section. - Clarified "CLI available at: https://github.com/gumadeiras/roku-cli" in documentation. - No functional changes to the skill.

v1.0.1

- Updated homepage URL to https://github.com/gumadeiras/roku-cli - Added setup note about enabling mobile app control on Roku device (found under: Settings → System → Advanced System Settings → Control by Mobile Apps → Enable)

v1.0.0

Initial release of the roku CLI skill. - Control Roku devices from the command line using python-roku. - Discover Roku devices on your local network. - Navigate menus and control playback with simple commands. - Launch and list Roku apps by name or app ID. - Enter text for search or input fields via CLI. - Check current app and device info from the command line.

元数据

Slug roku

版本 2.0.0

许可证 —

累计安装 1

当前安装数 1

历史版本数 4

常见问题

roku 是什么？

Control Roku devices via CLI. Discovery, remote control, app launching, search, and HTTP bridge mode for real-time control. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 2164 次。

如何安装 roku？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install roku」即可一键安装，无需额外配置。

roku 是免费的吗？

是的，roku 完全免费（开源免费），可自由下载、安装和使用。

roku 支持哪些平台？

roku 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 roku？

由 Gustavo Madeira Santana（@gumadeiras）开发并维护，当前版本 v2.0.0。