Security Scan
OpenClaw
Safe
high confidence
Assessment and Recommendations
This skill appears to do what it says: manage ST200TH devices over MQTT. Before installing, consider:
- Network/privacy: the script connects to mqtt.likong-iot.com using embedded credentials (username 'public', password 'Aa123456'). Device commands and returned device info (IP, MAC, firmware, sensor readings) will pass through that broker. If you require privacy or control, run the script on an isolated network or modify it to use your own broker/credentials.
- Local persistence: MAC addresses a...
✓ Purpose and Capabilities
Name/description, required binaries (python3), dependency (paho-mqtt), and the provided script all match the stated purpose of full MQTT-based management of ST200TH devices. The MQTT broker, topics, and commands in the code correspond to device management/OTA/configuration operations described in SKILL.md.
ℹ Instruction Scope
SKILL.md instructs the agent to run the provided Python script with device MACs and manage devices; the instructions do not ask for unrelated files/credentials. Important runtime behaviors to note: the skill will connect to an external MQTT broker (mqtt.likong-iot.com) and publish/subscribe device commands/responses, and it persists device entries (MACs/names) to a local devices.json file in the skill directory.
✓ Installation Mechanism
Installation pulls paho-mqtt via the package manager (PyPI). No arbitrary remote download URLs or extracted archives are used; this is a standard Python dependency installation.
ℹ Credential Requirements
The skill declares no required environment variables and requests no user secrets. However, the script contains hardcoded MQTT connection parameters (broker host, port, username 'public', password 'Aa123456'), which means the skill will communicate using those built-in credentials rather than asking the user for keys. This is coherent with its purpose but is a privacy/operational consideration (all device traffic goes through that broker with those credentials).
✓ Persistence and Permissions
The skill is not always-enabled and does not require elevated privileges. It persists a local devices.json (in the skill directory) to remember MACs/names—expected for the 'remember MAC' feature and limited in scope.
Security is layered; review the code before running.
Runtime Dependencies
No special dependencies
Version
latest v1.0.2 2026/3/31
● Pending
Installation Command
Official: npx clawhub@latest install st200th-mqtt
Mirror (accelerated): npx clawhub@latest install st200th-mqtt --registry https://cn.longxiaskill.com