ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

S2 Spatial Adapters

v2.0.7

Provides a unified, cryptographically secure interface to control Home Assistant, Xiaomi Mijia, and Tuya IoT devices with ephemeral zero-trust connections.

0· 125·0 current·0 all-time
byMilesXiang@spacesq

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for spacesq/s2-spatial-adapters.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "S2 Spatial Adapters" (spacesq/s2-spatial-adapters) from ClawHub.
Skill page: https://clawhub.ai/spacesq/s2-spatial-adapters
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install s2-spatial-adapters

ClawHub CLI

Package manager switcher

npx clawhub@latest install s2-spatial-adapters
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description claim a unified zero-trust interface for HA, Mijia, and Tuya — the code (three adapters + main.py) implements exactly those protocols and the manifest lists appropriate dependencies. HOWEVER the top-level registry metadata in the submission indicated 'Required env vars: none' while the manifest and SKILL.md clearly require multiple sensitive environment variables (S2_ENABLE_REAL_ACTUATION, HA_BEARER_TOKEN, MIJIA_DEVICE_TOKEN, TUYA_ACCESS_ID/SECRET, etc.). That metadata mismatch is an coherence issue (not an immediate safety exploit) and could mislead automated gating systems.
Instruction Scope
SKILL.md and main.py give a narrow, well-defined runtime contract: run python main.py <protocol> <element> <device_id> '<intent_json>' with environment-injected credentials; all adapters validate inputs, perform SSRF/private-IP checks, redact payloads in logs, and provide a 'dry-run' when S2_ENABLE_REAL_ACTUATION is not set. The s2_commander_agent.json instructs an agent to emit those CLI invocations (including deterministic/low-temperature generation), which is explicit rather than vague.
Install Mechanism
There is no install spec in the registry (instruction-only install), but the package includes Python code and a requirements.txt (requests, pycryptodome). This is low-to-moderate risk — nothing is downloaded from arbitrary URLs, but an installer step (pip install -r requirements.txt) is expected and dependencies are pinned. The absence of an explicit install step in registry metadata is an inconsistency to be aware of.
!
Credentials
The code legitimately needs device credentials and a global 'real actuation' flag, and the manifest documents these env vars as sensitive. That is proportionate to the stated purpose. The concern is twofold: (1) the registry summary incorrectly claimed 'no required env vars', creating a metadata mismatch; (2) these are high-sensitivity secrets (access tokens, device keys). Because the skill is designed to allow actual physical actuations when S2_ENABLE_REAL_ACTUATION=True, giving these secrets to the runtime (or to an autonomous agent) carries real-world risk. Confirm who controls the runtime env and where secrets are stored before enabling.
Persistence & Privilege
The skill is not set to always:true and does not attempt to modify other skills or system-wide configs. Autonomous agent invocation is allowed (disable-model-invocation=false) which is expected for tools intended for agents; combine this with real-actuation credentials and it can cause physical effects, but that is a usage risk rather than an elevated platform privilege. No evidence the skill persists credentials beyond its own lifecycle (it attempts to wipe them in secure_teardown).
What to consider before installing
This skill's code implements exactly what it says (HA REST, Xiaomi UDP, Tuya cloud). Before installing: (1) don't trust the top-level metadata that claimed 'no required env vars' — the manifest and SKILL.md require several sensitive secrets; (2) never set S2_ENABLE_REAL_ACTUATION=True unless you intentionally want the agent to be able to actuate hardware; test in dry-run first; (3) grant the minimal network access possible (eg. run in a network segment that can reach only the intended local devices and/or Tuya endpoints); (4) store credentials in a secure vault and inject them at runtime (do not place in .env); (5) review and/or run the included code in an isolated environment to confirm no hidden endpoints or telemetry are present; and (6) if you plan to let an autonomous agent use this skill, restrict that agent's permissions and logging, and require human approval for sensitive actions (locks, doors, HVAC). The metadata mismatches lower confidence in how this package was registered — treat it with caution and verify configuration before enabling real actuations.

Like a lobster shell, security has layers — review code before you run it.

latestvk97576tx45rf9x6p0a6arkspkn83aryf
125downloads
0stars
9versions
Updated 1mo ago
v2.0.7
MIT-0
MilesXiang@spacesq
latest
Download

🌐 S2-Spatial-Adapters: The Zero-Trust Smart Home Interface

Version: 2.0.2 (Cloud-Native & Strict Compliance Edition)
Core Architecture: S2-SP-OS Spatial Tensors & Application-Level Dereferencing

Welcome to the S2-Spatial-Adapters. This SKILL is the official physical actuation tentacle of the S2-SP-OS. It provides a unified, highly abstracted interface to control Home Assistant (Local REST), Xiaomi Mijia (Local UDP), and Tuya IoT (Cloud API) devices.

🛡️ Core Philosophy & Security Posture

1. Application-Level Dereferencing (应用级凭证解绑)

Due to Python's memory management and immutable strings, native physical RAM wiping (e.g., via memset) is not feasible. Instead, S2 enforces strict best-effort dereferencing. Post-execution, sensitive variables (AES keys, Tokens) are immediately reassigned to safe stub values (e.g., "WIPED"), expediting their removal by Python's Garbage Collector and minimizing the window of vulnerability.

2. Prompt-Injection Defense (防提示词注入)

Inputs from LLM Agents are strictly validated against a hardcoded S2 JSON schema whitelist. Malicious keys are stripped before reaching the physical execution layer.

⚙️ Environment Configuration (云原生环境注入)

⚠️ SECURITY WARNING: Do NOT create or overwrite local .env files with plaintext credentials in production. This SKILL is designed for 12-Factor App compliance. You MUST inject the following variables dynamically via your runtime environment, Docker ENV, or secure CI/CD vault (e.g., HashiCorp Vault, GitHub Secrets).

  • S2_ENABLE_REAL_ACTUATION (REQUIRED): Global Security Valve. Set to True to allow real physical requests. Defaults to sandbox interception if missing.
  • HA_BASE_URL & HA_BEARER_TOKEN: Required for Home Assistant routing.
  • MIJIA_DEVICE_IP & MIJIA_DEVICE_TOKEN: Required for Xiaomi local UDP routing.
  • TUYA_ACCESS_ID & TUYA_ACCESS_SECRET: Required for Tuya IoT Core routing.

🤖 Agent Execution Guide

LLM Prompting Instructions: Execute the main.py entry point with the following exact schema:

python main.py <protocol> <s2_element> <device_id> <intent_json_str>

Execution Examples

1. Home Assistant (Local REST)
Bash

python main.py ha LUMINA light.living_room '{"power": true, "brightness_pct": 15}'

2. Xiaomi Mijia (Local Miio UDP)
Bash

python main.py mijia CLIMATE 192.168.1.50 '{"power": true, "temperature": 26}'

3. Tuya IoT Core (Cloud HMAC-SHA256)
Bash

python main.py tuya SENTINEL door_lock_12345 '{"action": "unlock"}'

Comments

Loading comments...