ClawHub

查询设备列表

v1.0.5

调用 ai-open-gateway 的设备列表查询接口 POST /api/device/list,获取当前用户绑定的所有设备信息。Use when: 需要查看绑定了哪些设备、获取设备 MAC 地址、确认设备是否已绑定。⚠️ 需设置 AI_GATEWAY_API_KEY。

0· 138·0 current·0 all-time
by@maydayily
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required env var (AI_GATEWAY_API_KEY), required binary (python3), and code all directly relate to calling POST /api/device/list on an ai-open-gateway host. Optional env vars (AI_GATEWAY_HOST, AI_GATEWAY_VERIFY_SSL, AI_GATEWAY_NO_ENV_FILE) are appropriate for configuring the gateway and TLS behavior.
Instruction Scope
SKILL.md instructs the agent to run the included script and to parse the JSON output into a user-friendly table. The script prints only the API response JSON and does not access other system files besides the declared ~/.openclaw/.env fallback. The documented rule that the agent must not display raw JSON but instead format results is consistent with the script's behavior.
Install Mechanism
No install spec is provided (instruction-only), and the only runtime dependency is the Python package httpx; the script prints a clear error with pip install instructions if httpx is missing. No downloads from untrusted URLs or archive extraction are present.
Credentials
Only AI_GATEWAY_API_KEY is required as a primary credential, which is proportionate. The script also optionally reads ~/.openclaw/.env as a fallback (declared in SKILL.md). This shared fallback file is a legitimate convenience but creates a cross-skill credential sharing risk; the skill documents this and exposes an env toggle (AI_GATEWAY_NO_ENV_FILE) to disable the fallback.
Persistence & Privilege
The skill does not request permanent presence (always:false), does not modify other skills or system-wide settings, and has no install-time side effects. It runs as a one-off script and uses environment/config inputs only.
Assessment
This skill appears to do exactly what it says: call POST /api/device/list using the provided AI_GATEWAY_API_KEY. Before installing/using: (1) Supply a dedicated, least-privilege API key (do not reuse a high-privilege key). (2) Prefer setting AI_GATEWAY_API_KEY as an environment variable and set AI_GATEWAY_NO_ENV_FILE=true in production to avoid reading the shared ~/.openclaw/.env fallback. (3) Verify AI_GATEWAY_HOST points to the expected, trusted domain and do not disable TLS verification in production. (4) The script requires python3 and the httpx package; run it in a controlled environment. (5) Ensure the agent presenting results follows the SKILL.md rule to format the JSON output (table or user-friendly message) and not leak raw JSON or credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk97etnjjj2x69hvexz10sqxn9h83f128

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3
EnvAI_GATEWAY_API_KEY
Primary envAI_GATEWAY_API_KEY

Comments