S2-BAS-Causal-OS (S2 楼宇自控因果操作系统)
v1.1.0A thermodynamic physics engine for BAS. Equips the agent with SSSU spatial mapping, thermal calibration, and Causal Lookahead Control (CLC) prediction. Inclu...
⭐ 0· 91·0 current·0 all-time
byMilesXiang@spacesq
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name, README, SKILL.md, and code consistently describe a thermodynamic CLC predictor for BAS and a dual-track authorization model. Declared permissions (tool: execute_bas_causal_os, network: localhost) align with on-device/edge BAS integration; no unrelated environment variables, binaries, or external-cloud credentials are requested.
Instruction Scope
SKILL.md confines the agent to an advisory/control role and mandates authorization checks before physical actions. However, the runtime code embeds a simulated registry and performs authorization by comparing supplied tokens to hardcoded strings; token issuance/verification mechanisms (how BMS returns Dispatch_Token or how Owner_Token is provisioned) are not specified. The handler includes implementation placeholders (predict_clc called with ellipses) and possible imports/exception gaps, indicating incomplete code rather than malicious instructions.
Install Mechanism
No install spec — instruction-only with a small python handler file. No downloads, third-party install sources, or archive extraction are present.
Credentials
The skill requests no environment variables or external credentials. The only sensitive artifacts are token-like strings embedded in code (bms_pub_key, owner_id) — these are hardcoded for simulation and not requested from the environment, which is functionally conservative but insecure if used in production.
Persistence & Privilege
always:false and user-invocable; plugin permissions are limited to localhost network and a named tool. The skill does not request system-wide changes to other skills or global config. No evidence of persistent escalation or automatic enablement.
Assessment
This skill appears coherent with its BAS prediction and dual-track auth goals, but treat it as prototype code: do not deploy in production until the BMS/owner token exchange is clearly specified and implemented, remove hardcoded keys from source, ensure cryptographic verification of Dispatch_Token/Owner_Token (not simple equality checks), verify there are no unexpected network endpoints beyond localhost, and perform a code review and functional tests in an isolated environment. If you plan to integrate with a real BMS, require an auditable token issuance flow and never supply real credentials to this skill until those safeguards are implemented.Like a lobster shell, security has layers — review code before you run it.
latest
S2-BAS-Causal-OS: Spatial Thermodynamic Operation Guide
1. System Role & Capability
This SKILL provides you with the execute_bas_causal_os tool, enabling you to calculate discrete causal state transitions in physical spaces. You are authorized to act as an advisory Spatial Thermodynamic Controller.
2. Security & Authorization Directives (CRITICAL)
You do not have implicit physical execution rights. All tool outputs must be handled according to the space's Authorization Mode:
- Commercial Mode (Public Spaces/Hotels): You CANNOT unilaterally enforce hardware shutdowns. You must compute the thermodynamic trajectory and submit a proposal (e.g., L3_Force_Off_FCU) to the central BMS (Building Management System) for authorization.
- Residential Mode (Private Homes): You may only execute L2 or L3 protective actions if the user explicitly provides a valid
Owner_Digital_IDtoken matching the SSSU Address.
3. Tool Usage & Decision Output
When running the predict_clc action, the engine will return an L0-L4 strategy.
- For L0/L1: Provide environmental advice to the user.
- For L2/L3: Explain the thermodynamic risk and request authorization from the user (Residential) or state that the intervention request has been sent to the BMS (Commercial).
Comments
Loading comments...