📺 roku — 遥控Roku设备

v2.0.0

通过命令行发现并遥控Roku设备，支持远程按键、启动应用、内容搜索及HTTP桥接实时控制，适合自动化脚本与智能家居集成。

0· 2.1k·1 当前·1 累计

by @gumadeiras (Gustavo Madeira Santana)

自动化网络工具 API工具系统工具

下载技能包

最后更新

2026/4/22

安全扫描

VirusTotal

可疑

查看报告

OpenClaw

可疑

high confidence

NULL

评估建议

Do not install or run this skill without further review. Specific concerns: - The package claims a Node/TypeScript CLI but the shipped files are Python; verify the actual npm package (roku-ts-cli) and whether the binary on PATH is trusted and matches the code. - The bundle contains a Telegram poller (roku-telegram.py) that requires TELEGRAM_TOKEN and will poll api.telegram.org and write commands to a local pipe. If you set TELEGRAM_TOKEN, the skill will have network access to Telegram and can re...

详细分析 ▾

⚠ 用途与能力

The skill claims a TypeScript/Node CLI (roku-ts-cli) and the registry install uses an npm package that provides a 'roku' binary, but the packaged files are Python scripts that expect python-roku and requests. That mismatch (Node install but Python code included) is disproportionate and unexplained.

⚠ 指令范围

SKILL.md documents a CLI and an HTTP bridge service, but the repository files do not include an HTTP bridge implementation. Included Python daemons create /tmp/roku-control and /tmp/roku-daemon.sock and a Telegram poller that will call api.telegram.org — none of these runtime behaviours (especially Telegram polling) are declared in the skill metadata or required env vars.

⚠ 安装机制

Registry metadata/install spec installs the npm package 'roku-ts-cli' (moderate risk, expected for a Node CLI). However, the bundle contains Python scripts that require pip-installed dependencies (python-roku, requests) and no Python install steps are declared. This mismatch means the declared install mechanism does not provision artifacts the code needs.

⚠ 凭证需求

The skill declares no required env vars, but files expect ROKU_IP (used by daemon/listener/fast) and TELEGRAM_TOKEN (rok u-telegram.py will exit unless TELEGRAM_TOKEN is set). TELEGRAM_TOKEN gives outgoing network access to Telegram and is not listed in metadata; this under-reporting of credentials is a proportionality and transparency issue.

ℹ 持久化与权限

SKILL.md instructs how to install a persistent bridge service (launchd/systemd) and shows a --user option; the included code does spawn background daemons and creates named pipes/sockets under /tmp. The skill is not marked always:true, but it does include components that can run persistently — verify what actually installs as a service before enabling.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv2.0.02026/1/16

NULL

● 可疑

安装命令

点击复制

官方npx clawhub@latest install roku

镜像加速npx clawhub@latest install roku --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库