海康云眸设备控制
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill is coherent and purpose-built for Hik-Cloud device control, but it can perform high-impact security-camera and storage operations without clear confirmation safeguards.
Install only if you intend the agent to control Hik-Cloud devices. Before using it, configure scoped credentials, verify the API base URL, protect the token cache, and require manual confirmation for storage initialization and other device-changing actions.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked too broadly or from an ambiguous request, the agent could change alarm state, move cameras, capture images, alter device settings, or start storage-card initialization.
The invocation scope covers sensitive device-control and storage-initialization actions, but the artifact does not show an explicit approval step or safety gate before executing these high-impact operations.
用户提到设备序列号、通道号、布防/撤防、抓图、云台转动、OSD 设置、校时、NTP 配置、存储卡初始化等场景时使用。
Require explicit user confirmation for mutating actions, especially storage initialization, arm/disarm, PTZ movement, capture, OSD/time/NTP changes, and verify device serial/channel before execution.
The configured credentials may grant access to control real Hik-Cloud devices, and a custom base URL would receive the token request.
The skill requires Hik-Cloud credentials and allows the authentication and device API base URL to be customized, which is expected for this provider integration but means credentials should only be used with trusted endpoints.
env: { HIK_OPEN_CLIENT_ID: "...", HIK_OPEN_CLIENT_SECRET: "...", HIK_OPEN_BASE_URL: "https://your-custom-base-url" } ... 认证接口和设备接口都跟随同一个 base URL。Use least-privilege Hik-Cloud credentials, avoid sharing tokens, protect environment variables and cache files, and only set HIK_OPEN_BASE_URL or --base-url to trusted Hik-Cloud environments.