jf-open-pro-ptz-control
v1.0.0面向开发者杰峰设备 API 工具,可支持设备状态、方向控制、一键遮蔽、变倍和聚焦、预置位及巡航计划管理功能等。触发词:云台控制、设备状态、方向转动、预置位、巡航计划、一键遮蔽。
⭐ 0· 55·0 current·0 all-time
byJFTECH@jufengcloud
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description describe PTZ control for JF devices and the skill requests JF-specific credentials (UUID, APPKEY, APPSECRET, MOVECARD) and optional device credentials (SN, username, password). These match the described API interactions in the code and SKILL.md.
Instruction Scope
Runtime instructions ask you to set environment variables and run the included Python script (scripts/jf_open_pro_ptz_control.py), which performs HTTPS POSTs to api.jftechws.com / api-cn.jftech.com endpoints. One minor inconsistency: the SKILL.md security table implies '不会执行本地代码' (won't execute local code), but the instructions explicitly run local Python code; this is likely a wording issue but worth noting. The instructions do not request unrelated files, system paths, or external endpoints beyond the JF API.
Install Mechanism
No install spec is present (instruction-only with an included script). No downloads, package installs, or archive extraction are performed by the skill, so there's low install-time risk. The included Python file is provided with the skill bundle.
Credentials
The required environment variables are all directly relevant to authenticating to the JF platform and the device (UUID, app key/secret, move-card param, device SN, device credentials). The quantity of secrets is proportionate to the described functionality. Be aware these are high-value secrets for device control and should be protected accordingly.
Persistence & Privilege
The skill does not request permanent 'always' inclusion and does not modify other skills or system-wide agent settings. Autonomous invocation defaults are unchanged (normal). The skill does not declare elevated persistence.
Assessment
This skill appears to implement what it claims: a PTZ controller for JF devices that uses the platform's API. Before installing, confirm you trust the skill source (no homepage/source repository is provided). If you proceed:
- Only provide the JF credentials if you expect this agent to control your devices; these keys allow real camera control.
- Prefer least-privilege credentials and rotate keys if possible.
- Note the SKILL.md wording that says it won't execute local code is inaccurate — the included Python script runs locally, so review the script (already included) before running it.
- On multi-user Linux hosts, environment variables can be read by other local users/processes with sufficient privileges; consider running in an isolated environment/container or using more restricted credential handling if that matters.
- If you want to be extra cautious, run the script manually from an isolated machine or review and run it line-by-line rather than allowing an autonomous agent unrestricted execution.Like a lobster shell, security has layers — review code before you run it.
latestvk970hwzfbc0ajxv9b6eqymh57984cwps
License
MIT-0
Free to use, modify, and redistribute. No attribution required.