海康云眸视频录像管理
ReviewAudited by ClawScan on May 10, 2026.
Overview
This appears to be a coherent Hik-Cloud video recording manager, but it uses account credentials, caches tokens locally, and can change or delete recording resources.
Before installing, confirm you trust this skill with your Hik-Cloud credentials and with the ability to start recordings, manage files, delete resources, and adjust flow limits. Use trusted API base URLs only and protect or periodically clear the local token cache.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with the wrong project, file, or task identifiers, the agent could change or delete Hik-Cloud recording resources.
The skill exposes account-mutating and destructive operations, including deleting projects/files and changing traffic limits.
`project-delete`:删除项目 ... `file-delete`:删除文件 ... `flow-update`:更新项目流量限制
Use this skill only for intended Hik-Cloud management tasks and review destructive or billing/traffic-related operations before running them.
Installing and using the skill grants the agent delegated access to the Hik-Cloud account associated with those credentials.
The helper uses Hik-Cloud client credentials to obtain an OAuth access token, which is expected for the stated API integration.
"client_id": client_id, "client_secret": client_secret, "grant_type": "client_credentials", "scope": "app"
Use least-privileged Hik-Cloud credentials where possible, keep `HIK_OPEN_CLIENT_SECRET` private, and avoid setting `--base-url` or `HIK_OPEN_BASE_URL` to untrusted domains.
A local user or process with access to that cache file may be able to reuse the cached access token until it expires.
The skill persists OAuth token material in a local cache file for reuse across invocations.
DEFAULT_TOKEN_CACHE = Path.home() / ".cache" / "hik_open" / "token.json" ... cache_file.write_text(json.dumps(payload
Protect the local account and cache directory, clear the token cache if the machine is shared or compromised, and rotate credentials if needed.