ClawHub

XLink IoT Agent

v0.1.0

Xlink IoT Agent - Query IoT devices and events via Xlink Gateway API. Provides device overview, device list, event instance queries, and alert statistics. Us...

0· 102·0 current·0 all-time
by@allenkwok
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, CLI commands, SKILL.md examples, and the included Python modules all focus on querying and controlling devices via the Xlink Gateway API. The three required env vars (XLINK_APP_ID, XLINK_APP_SECRET, XLINK_API_GROUP) are exactly what an authenticated gateway client would need.
Instruction Scope
Runtime instructions and CLI usage in SKILL.md map directly to functions implemented in scripts/xlink_api.py and gateway_app_client.py. The instructions only reference environment variables declared in metadata and targets the documented Xlink API endpoints. One operational note: the client supports a --debug/logging mode and the code logs request details (URL, params, data) under debug; enabling debug may expose request payloads in logs, so avoid debug in sensitive environments.
Install Mechanism
No install spec or external downloads are declared (lowest-risk install model). The skill includes local Python script files (no packaging/install step). There are no URLs, extract operations, or third-party installers in the manifest.
Credentials
The skill requests only XLINK_APP_ID, XLINK_APP_SECRET, and XLINK_API_GROUP (plus an optional XLINK_BASE_URL in examples). Those are proportionate to authenticating and scoping API calls. Reminder: XLINK_APP_SECRET is sensitive; the code uses it to sign requests (expected) and should be protected (do not check into source control).
Persistence & Privilege
The skill does not request persistent platform privileges (always:false) and does not modify other skills or system-wide settings. It is user-invocable and can be invoked autonomously by the agent (default), which is normal for skills.
Assessment
This skill appears to do what it says — it calls Xlink Gateway endpoints and requires Xlink credentials. Before installing: (1) only supply XLINK_APP_SECRET to trusted skills and rotate the secret if it might be exposed; (2) prefer creating a least-privilege App ID/Group in Xlink for this usage; (3) verify the XLINK_BASE_URL points to your intended Xlink gateway (default is api-gw.xlink.cn); (4) avoid enabling debug/logging in production because the client logs request params and payloads which could leak sensitive data; (5) review the included scripts locally if you plan to run device-control commands, since those commands will invoke actions on real devices.

Like a lobster shell, security has layers — review code before you run it.

apivk973jaz9qcs9rt190182a9g1e583hs6wautomationvk973jaz9qcs9rt190182a9g1e583hs6wdevice-managementvk973jaz9qcs9rt190182a9g1e583hs6windustrial-iotvk973jaz9qcs9rt190182a9g1e583hs6wiotvk973jaz9qcs9rt190182a9g1e583hs6wlatestvk973jaz9qcs9rt190182a9g1e583hs6wsaasvk973jaz9qcs9rt190182a9g1e583hs6wxlinkvk973jaz9qcs9rt190182a9g1e583hs6w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvXLINK_APP_ID, XLINK_APP_SECRET, XLINK_API_GROUP
Primary envXLINK_APP_ID

Comments