设备直播地址

Name/description: fetch device live H5 URL. Requested binary (python3), primary environment variable (AI_GATEWAY_API_KEY), and the two API endpoints (/api/device/list and /api/device/live) all match that purpose. The script also documents optional host and TLS flags which are expected for an API client.

SKILL.md instructs the agent to run the script, parse its JSON output, and present a formatted Markdown link. The bundled Python script prints only the declared JSON response and calls only the two described endpoints. There is no instruction to read unrelated system files or to exfiltrate data to other endpoints. The SKILL.md's requirement that the agent reformat JSON into a user-friendly link is consistent with the script output.

No install spec; this is instruction + single script. The only runtime dependency is the widely used Python package httpx (the script prompts to install it). There are no downloads from arbitrary URLs or archive extraction steps.

The skill requires a single primary credential AI_GATEWAY_API_KEY, which is appropriate. However, the script supports a fallback of reading ~/.openclaw/.env (declared in SKILL.md and metadata) — that file is shared by other skills and could contain additional secrets. SKILL.md warns about this and provides AI_GATEWAY_NO_ENV_FILE to disable fallback; users should prefer environment variables and not rely on the shared .env in production. The optional AI_GATEWAY_VERIFY_SSL flag can disable TLS verification (documented as for development only) — avoid disabling in production.

Skill is user-invocable, not always-enabled, and does not request persistent system-wide privileges or modify other skills. It does not require elevated OS permissions.