ClawHub

S2-SP-OS Vision Cast

v1.1.0

S2-SP-OS Vision Cast. Features a universal Protocol Sniffer (AirPlay/Chromecast/DLNA) for native casting, backed by our secure S2 ephemeral push fallback. /...

0· 129·0 current·0 all-time
byMilesXiang@spacesq
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (protocol sniffer + secure fallback) match required binaries (python3) and env vars (S2_PRIVACY_CONSENT, S2_VISION_TOKEN). The script implements port probing of common casting ports and a fallback push; requiring a vision token for push is proportionate to the described feature.
Instruction Scope
Runtime instructions tell the agent to run local LAN port probes and optionally push an image payload to a target device. The script enforces that targets are private LAN addresses and requires explicit S2_PRIVACY_CONSENT. The SKILL.md sometimes refers to subnets and external helper tools (pychromecast/pyatv, s2-spectrum-perception) which are outside this skill — agents may rely on other components not included here. The code provided does not show the actual network push implementation (push_secure_snapshot is a stubbed return), so the real external endpoints and data flow are not visible in the repository.
Install Mechanism
No install spec; this is instruction + code only. No external downloads or archive extraction. The only runtime dependency is Python and the requests package (the code imports requests). Low install risk.
Credentials
Only two environment variables are required: S2_PRIVACY_CONSENT (consent gate) and S2_VISION_TOKEN (auth token for S2 push). Both are relevant to the declared purpose. There are no unrelated credentials or config paths requested.
Persistence & Privilege
Skill is not always-enabled and does not request persistent system/global configuration changes. It follows the normal autonomous-invocation default; no elevated privileges or modifications to other skills are requested.
Assessment
This skill appears coherent for LAN casting: it probes local casting ports and can fall back to an S2 push mechanism. Before installing, verify the following: (1) Source/trust — the package homepage and author are unknown; confirm the vendor and review any externally hosted receiver/service docs. (2) Token scope — find out what S2_VISION_TOKEN can do (which endpoints it authorizes and whether it allows arbitrary pushes to user devices). Limit the token's privileges if possible. (3) Network behavior — the visible code shows only local port probes and a stubbed push; ask the author for the real push implementation and endpoints so you can review where payloads are sent. (4) Consent is only an env var — S2_PRIVACY_CONSENT=1 is a simple guard; ensure agents set it intentionally and verify local policy before allowing scans on shared networks. If you need higher assurance, run the script in a controlled test environment and inspect traffic (e.g., with a packet capture) before deploying on production networks.

Like a lobster shell, security has layers — review code before you run it.

latestvk976s80sdq3m5m4rfah74r7xpx83c4v4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

👁️ Clawdis
Binspython3
EnvS2_PRIVACY_CONSENT, S2_VISION_TOKEN

Comments