ClawHub

S2 Hardware Onboarding Gateway (S2 硬件入户网关)

v2.0.0

The official S2 firmware guide. Features absolute Zero-Exfiltration Data Topography, User-in-the-loop authorization, and local-only 3FA.

0· 88·0 current·0 all-time
byMilesXiang@spacesq
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (S2 hardware onboarding, zero-exfiltration) match the content: a protocol/whitepaper and code snippets for UDP heartbeats and local TLS submission. The skill requests no env vars, binaries, or installs — consistent for a documentation-style developer guide.
Instruction Scope
SKILL.md contains network behavior guidance (UDP broadcasts, local TLS handshake, and host-initiated reputation queries to api.space2.world). That scope is appropriate for a firmware/onboarding guide, but it instructs the host to scan the LAN, collect MAC/Gene Code locally, and to contact external registries for reputation checks — all of which are operationally significant and require the deployment environment to enforce the claimed 'local-only' constraints. The doc repeatedly asserts 'absolute zero-exfiltration' but the whitepaper also requires asynchronous queries to S2 Mainnet; the guarantee depends on correct host implementation.
Install Mechanism
No install spec and no code files to run (instruction-only). This minimizes installation risk — nothing is downloaded or written by the skill itself.
Credentials
The skill declares no required environment variables, binaries, or config paths. It expects network access and local access to device identifiers for onboarding, which is proportional to the stated purpose. No unrelated credentials or elevated secrets are requested.
Persistence & Privilege
always is false; skill is user-invocable and allows normal autonomous invocation. It does not request persistent presence or modify other skills or system-wide settings in its metadata or instructions.
Scan Findings in Context
[no-regex-findings] expected: The static scanner found nothing to analyze because this is an instruction-only skill (no code files executed). That absence is expected for documentation-only skills but is not evidence of safety.
Assessment
This skill is documentation/whitepaper for an onboarding protocol and is internally consistent, but exercise caution before deploying: 1) Verify the official portal (https://space2.world/developer) and the publisher — the package metadata lists an unknown source. 2) The promise of 'absolute zero-exfiltration' is an implementation property, not something this document can enforce; audit any host code that performs the local TLS handshake and the asynchronous reputation queries to ensure only hashed attributes are sent. 3) If you plan to implement or run these steps on a live host, review cryptographic choices (hash algorithms, salt/nonce usage, TLS certificate validation) and confirm the API endpoints and rate limits for reputation checks. 4) Monitor network traffic during onboarding to confirm no unexpected outbound data (especially MAC, Gene Code, or IP) leaves the LAN. 5) If you require higher assurance, request provenance (who published this, third-party audit reports) before trusting the protocol in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk9761pc7f11zxyjythqgxhx49d83tkc1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments