Hik Cloud Device Management
v1.0.0调用海康云眸开放平台设备基础管理接口,包括注册设备、删除设备、修改设备名称、查询设备详情、查询设备列表、获取设备总数、查询设备状态和设备重启。用户提到设备注册、设备删除、设备重命名、设备列表、设备状态、设备重启等场景时使用。本技能自动处理 access_token 获取与刷新,不向用户暴露 token 调用流程。
⭐ 0· 68·0 current·0 all-time
byhik-cloud-open@liunian1010
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Hik Cloud device management) match what the files implement: a Python script and docs that call Hik-Cloud OpenAPI endpoints for create/delete/rename/get/list/count/status/reboot. Required binaries (python3) and required env vars (HIK_OPEN_CLIENT_ID, HIK_OPEN_CLIENT_SECRET) are appropriate for OAuth client_credentials flows.
Instruction Scope
SKILL.md instructs running the included script and documents token handling, flags, and outputs. It explicitly caches tokens and will auto-refresh on 401. One notable capability: the base API URL can be overridden via --base-url or HIK_OPEN_BASE_URL, which is useful for staging but means misconfiguring that value could redirect credentials/token requests to a non-official endpoint.
Install Mechanism
There is no install spec (instruction-only skill plus an included Python script). No networked install/downloads or third-party package pulls are present. The script runs with system Python and uses only the standard library.
Credentials
Requested environment variables (client_id, client_secret, optional access token, optional base URL) are proportional to the functionality. The script reads/writes a token cache file (~/.cache/hik_open/token.json) to store access_token and expiry; this is expected but should be noted because cached tokens are sensitive.
Persistence & Privilege
The skill does not request always-on inclusion and does not modify other skills or global configs. Its persistent effect is limited to writing a token cache file under the user's home directory (standard behavior for caching OAuth tokens).
Assessment
This skill appears to do what it claims: a Python helper that manages Hik-Cloud devices using your HIK_OPEN_CLIENT_ID and HIK_OPEN_CLIENT_SECRET. Before installing, consider: (1) Protect your client secret — supply it via the agent's secure env/sandbox configuration rather than pasting it into chat. (2) The script caches access tokens at ~/.cache/hik_open/token.json; treat that file as sensitive. (3) The skill allows overriding the base URL (HIK_OPEN_BASE_URL or --base-url) for testing; do not set this to an untrusted endpoint, because the client credentials/token exchange would then be sent to that URL. (4) The skill can perform high-impact operations (device reboot/delete); ensure proper confirmation/authorization in your workflows. If you need additional assurance, review the full script locally before enabling and verify network calls go to expected Hik-Cloud endpoints.Like a lobster shell, security has layers — review code before you run it.
latestvk97bdx5y98evx6d1bwpk2809fn83h6k9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🧰 Clawdis
Binspython3
EnvHIK_OPEN_CLIENT_ID, HIK_OPEN_CLIENT_SECRET
Primary envHIK_OPEN_CLIENT_SECRET