Hik-Cloud Device Alarm Capability Management

Pass. Audited by ClawScan on May 10, 2026.

Overview

This skill appears aligned with Hik-Cloud alarm management, but it uses sensitive Hik credentials, caches an access token locally, and can change device alarm or smart-detection settings.

Install only if you intend OpenClaw to manage Hik-Cloud device alarm settings. Keep HIK_OPEN_CLIENT_ID, HIK_OPEN_CLIENT_SECRET, access tokens, and the token cache private; use only trusted base URLs; and review any request that changes alarm status or smart-detection switches before allowing it to run.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A wrong device, channel, ability code, status, or enable value could unintentionally turn alarm or detection behavior on or off.

Why it was flagged

The skill can modify alarm capability status and smart-detection switches. That is directly aligned with the stated purpose, but these are security-device settings and mistakes could affect monitoring.

Skill content
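This skill handles only the following capabilities:
- Get the device's regular alarm capability list
- Modify alarm capability status
- Device smart-detection switch status

Recommendation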

Use the list operation first when unsure, and confirm the exact deviceSerial, channelId, abilityCode/type, and desired status before running update-status or intelligence-switch.

What this means

Anyone who can access these environment variables or the cached token may be able to perform the same device-management actions allowed by the Hik OpenAPI credentials.

Why it was flagged

The skill uses OAuth/client credentials and token storage to act against the user's Hik-Cloud account. This is expected for the integration, but the credentials and cached token are sensitive.

Skill content
Token source priority:
- `--access-token`
- `HIK_OPEN_ACCESS_TOKEN`
- token cache
- `HIK_OPEN_CLIENT_ID + HIK_OPEN_CLIENT_SECRET`, exchanged automatically for a token

Recommendation

Provide credentials only through trusted OpenClaw environment configuration, avoid exposing tokens on command lines or logs, and protect or periodically clear the local token cache.