Security checks across static analysis, malware telemetry, and agentic risk
The skill matches its smart-alarm purpose, but it handles sensitive alarm credentials and image data while allowing the API destination to be changed without validation.
Review this carefully before installing. Only use it with a trusted JF_ENDPOINT value from the documented regional domains, avoid exposing credentials in shared shells or logs, and understand that the commands can change alarm settings and print alarm event details and image URLs.
headers = get_headers(uuid, app_key, app_secret, move_card)
headers["DeviceSn"] = device_sn
response = requests.get(url, headers=headers, timeout=30)
result = response.json()
if result.get("code") != 2000:"accessToken": access_token
}
response = requests.post(url, headers=headers, json=body, timeout=30)
result = response.json()
if result.get("code") != 2000:url = f"{JF_BASE_URL}/rtc/device/getability/{device_token}"
headers = get_headers(uuid, app_key, app_secret, move_card)
response = requests.post(url, headers=headers, timeout=30)
result = response.json()
if result.get("code") != 2000:if channel is not None:
body["Channel"] = str(channel)
response = requests.post(url, headers=headers, json=body, timeout=30)
result = response.json()
if result.get("code") != 2000:"Detect.MotionDetect": config
}
response = requests.post(url, headers=headers, json=body, timeout=30)
result = response.json()
if result.get("code") != 2000:if alarm_event:
body["alarmEvent"] = alarm_event
response = requests.post(url, headers=headers, json=body, timeout=30)
result = response.json()
if result.get("code") != 2000:if events:
body["events"] = events
response = requests.post(url, headers=headers, json=body, timeout=30)
result = response.json()
if result.get("code") != 2000:No static analysis findings were reported for this release.
VirusTotal findings are pending for this skill version.