Duwi Smart Home
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill implements a CLI client for the Duwi open platform, and its requirements and actions match its description: it asks for Duwi APPKEY/SECRET and user credentials, stores tokens locally, and communicates with Duwi's API. Nothing in the files indicates covert or unrelated behavior.
This skill appears to do what it says: it implements a Duwi API client and CLI for smart-home control. Before installing, consider:

(1) it requires a Python runtime and the 'requests' library; install/verify these before use;

(2) you will provide an APPKEY and SECRET (application-level credentials) and your account phone/password; these are stored locally in app_config.json and token_cache.json in the skill directory; check and, if desired, relocate or protect those files;

(3) the skill talks to https://openapi.duwi.com.cn/homeApi/v1; if you need to verify the vendor, confirm this endpoint and the package origin (source/homepage are unknown in the registry metadata);

(4) review the included scripts yourself (they are plain Python and human-readable) if you have sensitive environments;

(5) run the tool in a constrained environment or VM if you want to limit blast radius.

Overall, nothing in the code indicates covert exfiltration or unrelated behavior, but verify the APPKEY/SECRET handling and the network endpoint if provenance is a concern.
SkillSpector
SkillSpector findings are pending for this release.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
