aida
Conversational interface for AIDA to get building status, control devices, optimize objectives, and run diagnostics via secure REST APIs.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 1 · 1.9k · 0 current installs · 0 all-time installs
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
SKILL.md and the code both implement an AIDA building-management integration (status, control, optimize, diagnostics) which is coherent with the skill name. However the registry metadata lacked a description and did not declare any required credentials or env vars, while the code clearly expects AIDA_API_URL and AIDA_API_KEY.
Instruction Scope
The runtime instructions say calls are authenticated via a bearer token and expect REST endpoints; they do not name the exact environment variables or say how the token is supplied. The code actually reads process.env.AIDA_API_URL and process.env.AIDA_API_KEY — the missing declaration is scope creep/omission and could lead to surprising secret access if the operator sets those env vars globally.
Install Mechanism
There is no install spec (instruction-only), but the package.json lists a single dependency (node-fetch). This is lightweight and expected for a JS HTTP client; the lack of an install step means runtime dependency resolution/packaging is up to the platform and should be verified.
Credentials
The code requires two environment values (AIDA_API_URL and AIDA_API_KEY) but the skill registry metadata declares no required env or primary credential. Requesting a bearer token for API access is reasonable for this purpose, but the omission of these env vars from the metadata is inconsistent and increases risk of accidental secret exposure or misconfiguration.
Persistence & Privilege
The skill is not always-enabled and uses the platform default of allowing autonomous invocation; it does not request persistent system-level privileges or modify other skills. No unusual persistence or privilege escalation was observed.
What to consider before installing
This skill implements HTTP calls to an AIDA API and requires two environment variables (AIDA_API_URL and AIDA_API_KEY), but the registry metadata and SKILL.md do not declare those names — a mismatch you should resolve before installing. Before you proceed: (1) verify and update the SKILL.md/manifest to list required env vars and intended endpoint(s); (2) ensure AIDA_API_URL points to a trusted internal HTTPS endpoint (not an arbitrary public server); (3) store the API key securely (do not put it in a broadly-scoped env if other skills/processes can read it); (4) review the included index.js yourself (it only performs simple fetch calls) and confirm you trust the package owner; (5) confirm how your OpenClaw runtime will install node dependencies. If you cannot confirm the intended AIDA host and secure handling of the API key, do not install or run the skill.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
AIDA Skill for OpenClaw
Skill Name
aida
Description
Conversational interface for AIDA (AI-driven smart building automation platform).
Supported Intents
- aida.status → Get live building status
- aida.control → Control devices (lights, shades, HVAC)
- aida.optimize → Optimize building objectives
- aida.diagnostics → Run preventive diagnostics
Example Utterances
- "AIDA, what's the building status?"
- "Optimize for energy savings."
- "Turn off lights on floor 3."
- "Run diagnostics on this zone."
AIDA Objectives Mapping
- Comfort Optimization
- Energy Optimization
- Preventive Maintenance
API Expectations
The skill expects AIDA to expose REST endpoints:
- GET /status
- POST /control
- POST /optimize
- GET /diagnostics
All calls are authenticated via bearer token.
Files
5 totalSelect a file
Select a file to preview.
Comments
Loading comments…