ClawHub

Closeli Open Device Live

v1.0.0

调用 ai-open-gateway 的设备直播接口 POST /api/device/live,获取指定设备的 H5 播放器直播链接。Use when: 需要远程查看设备实时画面、获取直播链接分享给他人。⚠️ 需设置 AI_GATEWAY_API_KEY。

0· 19·0 current·0 all-time
byCloseliOpenTeam@closeli-open
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the included Python script calls /api/device/list and /api/device/live on ai-open-gateway to produce an H5 player URL. Required binary (python3) and primary env (AI_GATEWAY_API_KEY) are appropriate and expected.
Instruction Scope
SKILL.md restricts network access to the gateway endpoints and mandates formatting of output; the script follows those instructions. However the runtime explicitly supports reading a shared fallback file (~/.openclaw/.env) to obtain credentials/config, which broadens the data the skill can see. This behavior is declared in the docs, but it is a privacy surface to be aware of.
Install Mechanism
No install spec (instruction-only plus a single Python script). Dependency on httpx is local and the script prompts to pip-install it if missing. No remote downloads or archive extraction occur.
Credentials
Only AI_GATEWAY_API_KEY is required/declared as primary credential. The script will also read optional AI_GATEWAY_HOST/AI_GATEWAY_VERIFY_SSL/AI_GATEWAY_NO_ENV_FILE and — unless AI_GATEWAY_NO_ENV_FILE=true — will parse the entire ~/.openclaw/.env fallback file, which may contain unrelated secrets accessible to the skill. The metadata declares the config path, but reading a shared env file increases the scope of accessible secrets.
Persistence & Privilege
always is false; the skill does not request persistent system-wide privileges or modify other skills. Agent autonomous invocation remains the platform default but is not combined with other concerning privileges here.
Assessment
This skill is consistent with its purpose and appears safe functionally, but take these precautions before installing: - Prefer passing AI_GATEWAY_API_KEY via environment variable and set AI_GATEWAY_NO_ENV_FILE=true in production to avoid the skill reading ~/.openclaw/.env (that file is shared and may contain other secrets). - Ensure the AI_GATEWAY_HOST points to a trusted domain (default is https://ai-open-gateway.closeli.cn). Do not disable TLS verification in production (AI_GATEWAY_VERIFY_SSL=false) because that risks leaking your API key. - Limit the API key's privileges to only what's necessary for retrieving live URLs. - Be prepared to install the httpx Python package if your environment lacks it (python3 -m pip install httpx). - If you need higher assurance, review the included get_live_url.py source yourself or run it in a sandboxed account that does not have other sensitive credentials in ~/.openclaw/.env.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c057j36ncbz4838176q28zn84k0rt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3
EnvAI_GATEWAY_API_KEY
Primary envAI_GATEWAY_API_KEY

Comments