Ezviz Open Camera Broadcast
v1.0.3萤石语音广播技能。支持本地音频文件上传或文本转语音,实现语音内容下发到设备播放。 Use when: 需要向萤石设备发送语音通知、广播、提醒等音频内容。 ⚠️ 安全要求:必须设置 EZVIZ_APP_KEY 和 EZVIZ_APP_SECRET 环境变量,使用最小权限凭证。
⭐ 0· 226·0 current·0 all-time
byEzvizOpenTeam@ezviz-open
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, required env vars (EZVIZ_APP_KEY, EZVIZ_APP_SECRET, EZVIZ_DEVICE_SERIAL), and the code all match an Ezviz audio upload + broadcast capability. No unrelated cloud keys or unrelated binaries are requested.
Instruction Scope
SKILL.md and scripts instruct the agent to use environment vars or fallback to read ~/.openclaw/*.json for channels.ezviz, obtain tokens, run TTS via system commands (say/espeak/ffmpeg) and upload audio to openai.ys7.com endpoints. This is within the stated scope, but the fallback config-file reading and use of system subprocesses are scope-expanding behaviors the user should accept explicitly.
Install Mechanism
No remote download/install spec; only a simple Python dependency (requests) is required and the shipped Python scripts implement the functionality. No risky external installers or short/obfuscated URLs are used.
Credentials
Requested environment variables are proportional to the task. Caveats: the skill reads OpenClaw config files as a fallback (may expose other local config if mispopulated) and uses a global token cache in the system temp dir shared by other skills—though cache file permissions are set to 0600. The SKILL.md explicitly recommends using dedicated, least-privilege AppKey/AppSecret.
Persistence & Privilege
always:false and no modifications to other skills or system-wide settings. The only persistent artifact is an optional shared token cache in /tmp; this is normal for token reuse but is a shared resource to be aware of.
Assessment
What to consider before installing: 1) Use dedicated Ezviz AppKey/AppSecret with minimal permissions (do not reuse main account credentials). 2) If you don't want any local config fallback, set the env vars (EZVIZ_APP_KEY, EZVIZ_APP_SECRET, EZVIZ_DEVICE_SERIAL) so the skill skips ~/.openclaw/* files; inspect those files first to ensure they don't contain unrelated secrets. 3) The skill caches tokens under the system temp dir (/tmp/ezviz_global_token_cache/global_token_cache.json) with 0600 permissions; set EZVIZ_TOKEN_CACHE=0 to disable caching if you prefer no on-disk tokens. 4) The skill invokes system TTS binaries (say/espeak/ffmpeg) via subprocess; ensure those binaries are trusted and available, or provide a pre-generated audio file instead. 5) Review the included scripts (scripts/audio_broadcast.py and lib/token_manager.py) yourself if possible—functionality is straightforward and matches the documentation. 6) If you are concerned about autonomous invocation, control when the skill runs (it is user-invocable and not forced-always), and consider limiting agent permissions or monitoring broadcast actions.Like a lobster shell, security has layers — review code before you run it.
latestvk979gkmcqe0qsej4307yeegaj9834xn8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔊 Clawdis
EnvEZVIZ_APP_KEY, EZVIZ_APP_SECRET, EZVIZ_DEVICE_SERIAL
Primary envEZVIZ_APP_KEY