ClawHub

Kokonna Frame

v1.2.0

Control KoKonna AI e-ink art frames. Upload images, query device info, and manage multiple frames. Use when user asks to "push to frame", "send to frame", "d...

0· 59·0 current·0 all-time
by@guooscar
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (control e-ink frames: upload images, query device info) align with the included Python code and CLI scripts. The code only talks to a single API (upload/device) and expects per-device API keys in a local config file. However, registry metadata omitted any required config path while manifest/README/SKILL.md/code all require ~/.openclaw/skills/kokonna-frame/config.yaml — this metadata mismatch is inconsistent.
Instruction Scope
SKILL.md instructs placing API keys in a local config file and shows CLI/Python usage. Runtime instructions and scripts only read that config file and the provided image path, resize the image, and POST base64 data to the declared API endpoints. There are no instructions to read unrelated local files, environment secrets, or to send data to other endpoints.
Install Mechanism
There is no install spec; the skill is instruction + source files. Dependencies are only requests and Pillow (declared in requirements.txt and SKILL.md). No arbitrary downloads or extract steps are present.
Credentials
The code requires per-device API keys (stored in config.yaml) which is proportional to the function. No environment variables or unrelated secrets are requested. Note: the registry metadata claimed 'Required config paths: none', which contradicts the actual code and SKILL.md that require a config file — this should be fixed/verified.
Persistence & Privilege
Skill does not request permanent/global privileges (always: false). It does not modify other skills or system settings. It will run with normal autonomous invocation behavior unless the platform or user restricts it.
Assessment
This skill appears to do what it says: resize images and POST them to a KoKonna API using per-device API keys stored in ~/.openclaw/skills/kokonna-frame/config.yaml. Before installing: (1) verify the API base URL (DEFAULT_API_BASE_URL is https://api.galaxyguide.cn/openapi) — confirm this is the official KoKonna endpoint for your device or change it in config.yaml; (2) correct or double-check the registry metadata vs the manifest (the skill actually requires a local config file even though registry metadata omitted it); (3) only provide API keys you obtained from a trusted source (kokonna.art) and avoid reusing high-privilege keys; (4) inspect or run the Python scripts in a controlled environment if you are unsure (they only use requests/Pillow and POST base64 image payloads); (5) prefer installing from a verifiable upstream (official repo or vendor) rather than an unknown source. If you want higher assurance, ask the author for a homepage/repo or for confirmation that api.galaxyguide.cn is the official API host.

Like a lobster shell, security has layers — review code before you run it.

latestvk975a2ppphbfaw6ap7f0h5fbp984sesa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments