Hdl Skills Hub
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may gain authenticated access to the user's HDL account, including smart-home and shopping-related APIs.
The skill requires local app secrets and the user's HDL username/password to obtain tokens. This is sensitive account authority, and it is not reflected in the registry credential/env-var declarations.
必须且只能从根目录下的 `.env` 文件(路径:`./.env`)读取系统核心变量:`${HDL_APP_KEY}`, `${HDL_APP_SECRET}` ... 若无 Token,必须立即启动“分步式登录引导”获取用户名和密码进行登录。Only install if you trust the publisher and HDL endpoints. Declare the required .env secrets and login credential clearly, use least-privilege credentials where possible, and rotate secrets if they may have been exposed.
If followed incorrectly, the agent could control devices in the wrong home or use a stale configured home instead of the user's selected home.
The same device-control artifact both forbids hard-coded home IDs and says to use a fixed `${HDL_HOME_ID}`. That creates unclear scoping for commands that control real devices.
动态 homeId: **严禁**使用硬编码的 `homeId` ... 获取用户选择的房屋 ID。 ... `homeId` | Long | **是** | 住宅房屋 ID。**必须固定使用:`${HDL_HOME_ID}`**。Resolve the documentation to a single source of truth: always derive homeId from the authenticated home list and user selection, or explicitly declare and validate any configured homeId before control.
The agent can add selected products and quantities to the user's HDL shopping cart.
Adding items to a shopping cart is an account mutation. It is disclosed and purpose-aligned, but users should understand that the skill can change their cart.
该技能包含核心接口:用于**添加商品到购物车**。 ... tools: [addToShoppingCart]
Confirm product, SKU, and quantity before adding items, and make clear that the skill does not proceed to payment or checkout.
If the session context or transcript is exposed, an access token could potentially be misused until it expires.
The skill stores tokens in session memory. The artifact limits this to the current session and says not to display tokens, but the stored token remains sensitive.
登录成功后,AI 应在当前会话内存中持久化 Token,并遵循隐私规则不再展示。
Keep tokens short-lived, avoid sharing transcripts, clear the session after use, and ensure tokens are never logged or shown in responses.