北京聚英电子|聚英云设备控制
v1.0.7北京聚英电子有限公司聚英云平台设备控制技能,支持通过 JYDAM、jydam、juyingiot、jycloud、聚英云、北京聚英电子有限公司 等关键词搜索,提供设备添加说明、API_Token 获取说明、设备列表查询、状态读取与设备控制能力。
⭐ 0· 233·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill name, description, and SKILL.md consistently document device-listing, state-read, state-refresh, and relay on/off actions against a single API host (https://openapi.iot02.com/api/v1). These operations map directly to the declared endpoints. Minor inconsistencies: registry metadata lists no required credentials/env vars or a primary credential, yet the SKILL.md clearly requires a per-user API_Token; SKILL.md version (1.0.1) differs from registry version (1.0.7). These are bookkeeping issues rather than functional mismatches.
Instruction Scope
The runtime instructions are narrowly scoped to calling the platform's REST endpoints, using the provided API_Token in an Authorization header, resolving device names, and requiring explicit user confirmation before sending control commands. The instructions do not ask the agent to read arbitrary files, other environment variables, or exfiltrate unrelated data.
Install Mechanism
No install spec and no code files — this is instruction-only. That minimizes on-disk install risks (no downloads, no extracted archives, no third-party package installs).
Credentials
The only credential the skill needs is the user's API_Token for the Juying Cloud API, which is proportional to the skill's purpose. However, the skill metadata does not declare this required credential (required env vars/primary credential are empty), so the platform/install UI must still capture and supply the token at runtime; verify how the token will be provided/stored by the platform before installation.
Persistence & Privilege
The skill is not force-included (always: false) and does not request elevated/persistent system privileges. Autonomous invocation is allowed (default) which is expected for skills; there is no evidence it modifies other skills or system-wide settings.
Assessment
This skill appears coherent and does what it says: it will call https://openapi.iot02.com/api/v1 endpoints and needs your Juying Cloud API_Token. Before installing: (1) Confirm you trust the Juying Cloud service and the openapi.iot02.com domain; (2) Provide each user their own API_Token and verify the platform stores it securely (least privilege, limited scope if possible); (3) Test with read-only operations (list, read state) before sending any control commands; (4) The skill metadata did not declare the required API_Token — ensure the platform prompts you for the token and that it won’t be shared; (5) If you need stronger assurance, ask the publisher for a homepage or source repo and verify the API documentation from Juying/Beijing Juying Electronics.Like a lobster shell, security has layers — review code before you run it.
latestvk97767dx6day0qff1ra74a4gt582q0b5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.