Hik-Cloud Device Alarm Capability Management
Pass. Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: hik-cloud-open-device-alarm-capability-management
Version: 1.0.0
The skill bundle is a legitimate tool for managing Hikvision Cloud (Hik-Cloud) device alarm capabilities. The core logic in `hik_open_device_alarm_capability_management.py` uses standard Python libraries to interact with official Hikvision API endpoints (api2.hik-cloud.com) and implements a secure OAuth2 client credentials flow with local token caching in `~/.cache/hik_open/token.json`. There is no evidence of malicious intent, data exfiltration to unauthorized third parties, or prompt injection attacks; the instructions in `SKILL.md` correctly guide the agent to handle credentials securely without exposing them to the user.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A wrong device, channel, ability code, status, or enable value could unintentionally turn alarm or detection behavior on or off.
The skill can modify alarm capability status and smart-detection switches. That is directly aligned with the stated purpose, but these are security-device settings and mistakes could affect monitoring.
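This skill handles only the following capabilities:
- Get the device's regular alarm capability list
- Modify alarm capability status
- Device smart-detection switch status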
Use the list operation first when unsure, and confirm the exact deviceSerial, channelId, abilityCode/type, and desired status before running update-status or intelligence-switch.
Anyone who can access these environment variables or the cached token may be able to perform the same device-management actions allowed by the Hik OpenAPI credentials.
The skill uses OAuth/client credentials and token storage to act against the user's Hik-Cloud account. This is expected for the integration, but the credentials and cached token are sensitive.
Token source priority:
- `--access-token`
- `HIK_OPEN_ACCESS_TOKEN`
- token cache
- `HIK_OPEN_CLIENT_ID + HIK_OPEN_CLIENT_SECRET`, exchanged automatically for a token
Provide credentials only through trusted OpenClaw environment configuration, avoid exposing tokens on command lines or logs, and protect or periodically clear the local token cache.
