Hik Cloud Video Recording
v1.0.0调用海康云眸开放平台视频云录制能力,包括云录制项目、转码录制任务、文件管理、流量管理、资源上传和视频剪辑。用户提到云录制、录像转码、抽帧、文件下载、项目流量、视频剪辑等场景时使用。本技能自动处理 access_token 获取与刷新,不向用户暴露 token 调用流程。
⭐ 0· 73·0 current·0 all-time
byhik-cloud-open@liunian1010
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name and description describe Hik‑Cloud video cloud recording and the skill only requests python3 and Hik Open API credentials (HIK_OPEN_CLIENT_ID, HIK_OPEN_CLIENT_SECRET), which are appropriate and required for OAuth client‑credentials flows to the Hik cloud API.
Instruction Scope
SKILL.md directs use of the provided Python script to call Hik Cloud APIs, documents the token resolution logic, base URL selection, and command set. The instructions do not ask the agent to read unrelated system files or additional secrets beyond the declared env vars; they explicitly note sandbox handling and token caching behavior.
Install Mechanism
No install spec — the skill is run via python3 and includes a script file. No remote downloads or unusual installers are used. This is low install risk.
Credentials
Required environment variables are the Hik client id/secret and optional base URL / access token overrides; these are proportionate for obtaining OAuth tokens and calling the Hik API. No unrelated cloud/provider credentials are requested.
Persistence & Privilege
The script caches the access_token to disk (default ~/.cache/hik_open/token.json). It does not request 'always: true' or modify other skills. Users should be aware the token is stored on disk and that --base-url / HIK_OPEN_BASE_URL can point to a custom endpoint (useful for testing but could be misconfigured).
Assessment
This skill appears coherent with its stated purpose. Before installing: 1) Only provide valid Hik client_id/client_secret if you trust the skill; these credentials allow the script to fetch OAuth tokens. 2) Be aware the tool caches tokens at ~/.cache/hik_open/token.json — review permissions or change --token-cache-file if you have concerns. 3) Keep HIK_OPEN_BASE_URL to the official domain unless intentionally testing against another endpoint (a malicious custom base URL could send requests to an arbitrary server). 4) If you want extra safety, run the script in a sandboxed environment or inspect the included scripts (scripts/hik_open_video_recording.py) yourself — the code provided implements expected API calls and token handling and does not request unrelated secrets.Like a lobster shell, security has layers — review code before you run it.
latestvk970t34n2eda8hg16aw9wqaezn83hspg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🎬 Clawdis
Binspython3
EnvHIK_OPEN_CLIENT_ID, HIK_OPEN_CLIENT_SECRET
Primary envHIK_OPEN_CLIENT_SECRET