The Semantic Handshake Engine
v1.0.0Generates executable device control templates from API docs using local LLMs to enable cross-protocol IoT device management respecting closed ecosystem restr...
⭐ 0· 82·0 current·0 all-time
byMilesXiang@spacesq
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (dynamic API adapter generation for IoT) aligns with what the skill does: it prompts an LLM to produce JSON control templates and then stores the adapter. There are no unrelated requirements (no cloud credentials, no unrelated binaries).
Instruction Scope
SKILL.md and skill.py both instruct the agent to send the entire provided API/protocol doc to an LLM and expect a JSON adapter. This stays within the declared purpose, but the skill will forward any content you enter (including possible embedded keys or secrets) to the model; the SKILL does not redact secrets or limit what is included in the prompt.
Install Mechanism
There is no install spec and no packages downloaded. The skill is provided as a code file and runs with standard library modules only (urllib, json, os), which is proportionate to its functionality.
Credentials
The skill requires no environment variables, credentials, or config paths. It does create and write to a local directory (./s2_primitive_data) to persist adapters and mounts — this storage is explained by the skill's purpose but may contain sensitive data depending on what you input.
Persistence & Privilege
always:false and user-invocable:true (normal). The skill persists adapter/mount metadata to a local file (active_hardware_mounts.json) but does not change other skills or system-wide settings. It does not grant itself elevated platform privileges.
Assessment
This skill appears coherent with its stated purpose, but follow these precautions before installing/using it: 1) Only run it against a trusted local LLM endpoint — the code POSTS the raw prompt (including whatever API doc you provide) to http://localhost:1234/v1; if that endpoint is malicious or configured to forward requests, your inputs could leak. 2) Do not paste secrets (API keys, tokens, private endpoints) into the 'API/Protocol Doc' prompt — the skill will send those verbatim to the model and store the resulting adapter in ./s2_primitive_data/active_hardware_mounts.json. 3) Inspect and sandbox the skill (run in an isolated environment) if you are unsure about its provenance; the package metadata lists space2.world but source is unknown. 4) If you plan to integrate proprietary hardware, note the code enforces a 'BLOCKED_CLOSED_ECOSYSTEM' policy and will instruct you to use official bridges (Matter/Home Assistant) rather than attempting cryptographic bypass. 5) If you need higher assurance, request signed provenance or a reproducible build from the author; absent that, treat the unknown source as a reason for caution.Like a lobster shell, security has layers — review code before you run it.
latestvk9734er0shkgnx8vqaaz4n1af1838qeh
License
MIT-0
Free to use, modify, and redistribute. No attribution required.