ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

小米/米家智能家居控制

v1.1.0

小米/米家智能家居设备控制。通过 MCP Server 工具控制家中的小米设备,包括灯、空气净化器、电暖气、空调、风扇、扫地机器人、窗帘等。当用户提到任何关于智能家居控制的指令时触发,如"把灯关掉"、"开空调"、"净化器调到睡眠模式"、"客厅太暗了"、"家里空气不好"等。即使用户没有明确说"小米"或"米家",只要...

0· 482·2 current·2 all-time
byLino Silvan@alleneee

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for alleneee/mijia-home.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "小米/米家智能家居控制" (alleneee/mijia-home) from ClawHub.
Skill page: https://clawhub.ai/alleneee/mijia-home
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install mijia-home

ClawHub CLI

Package manager switcher

npx clawhub@latest install mijia-home
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (Mijia/Xiaomi home device control) match the runtime instructions: all operations map to the listed MCP Server tools (auth, list/find devices, get/set properties, camera snapshot). No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
Instructions stay within device control, discovery, and camera snapshot/analysis. However, the skill explicitly instructs the agent to ask users for Xiaomi account username/password and verification codes (sensitive), and to 'use Read tool' to read returned image paths — the SKILL.md does not define the Read tool or how images are handled/stored. Confirm how credentials and images are transmitted/stored.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is downloaded or written to disk by an installer. This minimizes install-time risk.
Credentials
No environment variables or primary credentials are declared, yet the runtime flow expects the user to provide Xiaomi account credentials interactively. While asking for credentials is coherent for a direct-login flow, it is sensitive and the skill does not specify secure storage or tokenization. Camera image handling is also sensitive but not detailed.
Persistence & Privilege
always is false and the skill does not request persistent or system-wide privileges. It does not modify other skills or system config according to the provided files.
Assessment
This skill appears to do what it says (control Xiaomi/Mijia devices) but it asks the agent to collect your Xiaomi username/password and verification codes at runtime and to read camera snapshots for analysis. Before installing or using it: 1) Confirm how the platform and MCP Server will store and protect your credentials (prefer token-based/OAuth flows or dedicated, limited-access accounts rather than your main account password). 2) Avoid pasting passwords into plain chat unless you trust the agent's secure input and storage mechanisms. 3) Ask the skill author or operator how camera images are handled, whether images leave your network, and how long they're retained. 4) Consider creating a dedicated Xiaomi account with limited devices for third-party integrations. If you cannot verify secure credential handling and image privacy, treat this skill as privacy-sensitive and proceed cautiously.

Like a lobster shell, security has layers — review code before you run it.

cameravk973954b0108txy6b8g5gb0k9983mapkiotvk973954b0108txy6b8g5gb0k9983mapklatestvk973954b0108txy6b8g5gb0k9983mapkmijiavk973954b0108txy6b8g5gb0k9983mapkmiotvk973954b0108txy6b8g5gb0k9983mapksmart-homevk973954b0108txy6b8g5gb0k9983mapkxiaomivk973954b0108txy6b8g5gb0k9983mapk
482downloads
0stars
2versions
Updated 5h ago
v1.1.0
MIT-0
Lino Silvan@alleneee
cameraiotlatestmijiamiotsmart-homexiaomi
Download

小米智能家居控制

你可以通过 MCP Server 提供的工具控制用户家中的小米/米家智能设备。

首次配置

每次收到设备控制请求时,先调用 xiaomi_auth_status 检查认证状态。

如果状态为 not_configurednot_authenticated,引导用户完成配置:

  1. 告诉用户需要提供小米账号和密码
  2. 用户提供后,调用 xiaomi_setup(username, password, country) 发起登录
  3. 如果返回 verification_required,告诉用户查看手机/邮箱验证码
  4. 用户提供验证码后,调用 xiaomi_verify(code) 完成认证
  5. 认证成功后继续执行原始的设备控制请求

如果状态为 pending_verification,直接询问用户验证码。

如果状态为 authenticated,跳过配置直接操作设备。

可用工具

MCP Server xiaomi-home 提供以下工具:

工具用途
xiaomi_auth_status检查认证状态
xiaomi_setup配置账号并发起登录
xiaomi_verify提交二次验证码
xiaomi_list_devices列出所有设备,获取设备 did
xiaomi_find_device按名称模糊搜索设备
xiaomi_get_properties读取设备属性
xiaomi_set_property设置设备属性
xiaomi_call_action调用设备动作
xiaomi_camera_list列出已配置的摄像头
xiaomi_camera_add添加/更新摄像头
xiaomi_camera_remove移除摄像头
xiaomi_camera_snapshot摄像头截图

工作流程

第一步:定位设备

从用户的自然语言指令中提取设备关键词,用 xiaomi_find_device 搜索。

例如用户说"把客厅的灯关掉",提取"客厅"或"灯"进行搜索。

如果没有找到,尝试用 xiaomi_list_devices 列出所有设备,让用户确认。

第二步:查询设备规格

拿到设备的 model 后,需要知道该设备支持哪些 siid/piid。

常见设备的 MIoT 规格:

开关类设备(灯、插座、开关)

  • siid=2, piid=1: 开关 (bool)
  • siid=2, piid=2: 亮度 (uint8, 1-100)
  • siid=2, piid=3: 色温 (uint32)

空气净化器

  • siid=2, piid=1: 开关 (bool)
  • siid=2, piid=5: 模式 (uint8, 0=自动 1=睡眠 2=喜爱 3=手动)
  • siid=2, piid=8: 风速等级
  • siid=3, piid=6: PM2.5 (只读)
  • siid=3, piid=8: 温度 (只读)
  • siid=3, piid=7: 湿度 (只读)

电暖气/取暖器

  • siid=2, piid=1: 开关 (bool)
  • siid=2, piid=2: 目标温度
  • siid=2, piid=3: 模式

风扇

  • siid=2, piid=1: 开关 (bool)
  • siid=2, piid=2: 风速等级
  • siid=2, piid=3: 摆头 (bool)
  • siid=2, piid=4: 模式

扫地机器人

  • siid=2, piid=1: 状态
  • siid=2, piid=2: 模式
  • siid=2, aiid=1: 开始清扫(动作)
  • siid=2, aiid=2: 停止清扫(动作)

以上仅为常见参考值,不同型号的 siid/piid 可能不同。如果控制失败,先用 xiaomi_get_properties 尝试读取 siid=2 的 piid 1-10 来探测设备支持的属性。

第三步:执行操作

根据用户意图调用对应工具:

  • 开/关设备: xiaomi_set_property(did, siid=2, piid=1, value=true/false)
  • 调节属性: xiaomi_set_property(did, siid, piid, value)
  • 执行动作: xiaomi_call_action(did, siid, aiid)
  • 查询状态: xiaomi_get_properties(did, siid=2, piids="1,2,3,4,5")

第四步:反馈结果

用自然语言告诉用户操作结果,例如:

  • "已关闭客厅吸顶灯"
  • "空气净化器已切换到睡眠模式,当前 PM2.5: 35"
  • "电暖气已开启,目标温度设为 24 度"

如果操作失败,说明原因并建议排查方向(设备是否在线、是否在同一局域网等)。

场景联动

用户可能描述一个场景而非单个设备操作,例如:

  • "我要睡觉了" -> 关灯 + 净化器睡眠模式 + 电暖气调低
  • "出门了" -> 关闭所有设备
  • "客厅太暗了" -> 开灯并调高亮度
  • "看看门口" -> 截图 + 分析 + 建议联动

遇到场景指令时,拆解为多个设备操作,依次执行并汇报结果。

注意事项

  • 操作前确认设备在线(is_online),离线设备无法控制
  • siid/piid 因型号而异,失败时用探测方式确认正确的属性 ID
  • 布尔值使用 true/false,不是 0/1
  • 设备 did 是字符串,不要猜测,必须从 list 或 find 工具获取

摄像头与视觉感知

当用户想"看看"某个位置时,使用摄像头截图功能:

  1. 调用 xiaomi_camera_list 确认有哪些摄像头
  2. 调用 xiaomi_camera_snapshot(name) 截取图片
  3. 用 Read 工具读取返回的图片路径,分析图片内容
  4. 用自然语言描述看到的内容,并根据场景建议联动操作

触发关键词:"看看"、"门口有没有人"、"摄像头"、"监控"、"拍一张"等。

如果用户想添加摄像头,引导使用 xiaomi_camera_add(name, rtsp_url)。 测试时可用 mock://文件名mock://目录名 加载本地图片。

Comments

Loading comments...