ClawHub

Ezviz Open Restaurant Inspection

v1.0.3

Ezviz restaurant inspection skill. Captures device images and sends to Ezviz AI for food safety analysis.

0· 208·0 current·0 all-time
byEzvizOpenTeam@ezviz-open·duplicate of @shuanhu95/hsa-test
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description ask for Ezviz app credentials and device serial; the code uses those credentials to obtain a token, list/copy intelligent agents, capture images, and call the analysis endpoint (open.ys7.com and aidialoggw.ys7.com). The requested env vars (EZVIZ_APP_KEY, EZVIZ_APP_SECRET, EZVIZ_DEVICE_SERIAL) are appropriate for the declared functionality.
Instruction Scope
SKILL.md and scripts instruct the agent to read credentials from environment or ~/.openclaw config files, manage agents (list/copy), capture device images, and send them to aidialoggw.ys7.com. These actions match the declared side effects and are explicit. Note: reading OpenClaw config files is a legitimate credential fallback but means the skill may pull Ezviz credentials stored in a user's home config if present — review those files if you don't want automatic credential discovery.
Install Mechanism
No install spec or remote downloads are present; this is a Python script bundle that depends on the requests library (declared in SKILL.md). Nothing is fetched from arbitrary URLs or installed system-wide by the skill.
Credentials
Requested env vars (app key/secret/device serial) are proportional to the task. Two points to consider: (1) the token manager writes a global cache in /tmp/ezviz_global_token_cache/global_token_cache.json (intended behavior) which may be shared across Ezviz skills — ensure you trust other installed skills, and (2) the script will read ~/.openclaw/* config files as a fallback, which could reveal stored credentials if present. The SKILL.md recommends dedicated Ezviz credentials and offers a way to disable caching (EZVIZ_TOKEN_CACHE=0).
Persistence & Privilege
The skill does not request permanent platform presence (always:false). It uses a ephemeral-global token cache under /tmp (with code setting file mode 0600). It does create resources on the Ezviz service (agents) and captures images — these are expected side effects and are documented.
Assessment
This skill appears to do what it says, but review and accept the side effects before running: it will capture camera images, create/manage Ezviz intelligent agents in your Ezviz account, and upload images to Ezviz's analysis service (aidialoggw.ys7.com). Use a dedicated Ezviz app (not your main account) with minimal permissions. If you don't want automatic credential discovery, remove Ezviz credentials from ~/.openclaw/* or run with explicit environment variables. Consider disabling the global token cache (export EZVIZ_TOKEN_CACHE=0) if you don't want tokens stored under /tmp, and inspect scripts/restaurant_inspection.py and lib/token_manager.py before first run. Test on non-production devices first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a1cad07w3fn4ebpk639xhan837b3r

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🍽️ Clawdis
EnvEZVIZ_APP_KEY, EZVIZ_APP_SECRET, EZVIZ_DEVICE_SERIAL
Primary envEZVIZ_APP_KEY

Comments