Description

Hik-Connect for Teams (HCT) Developer Skills. Integrates a series of skills for managing and controlling HCT devices, including resource management, access c...

README (SKILL.md)

\r \r

Hik-Connect Team Skills\r

Name: hik-connect-team-skill
Author: hikconnectteam

\r

1. Introduction\r

Hik-Connect_Team_Skills is a full-featured integration Skills designed specifically for Hik-Connect for Teams (HCT) developers. Based on the HCTOpen OpenAPI system, it encapsulates core capabilities from basic resource management to advanced alarm push through Python scripts.\r \r This Skills adopts a modular design with built-in automated Token maintenance mechanisms, dynamic path searching, and standardized error handling, aiming to help developers quickly build HCT-based automated O&M, security monitoring, and business integration systems.\r \r ---\r \r

2. Core Modules Deep Dive\r

\r This Skills consists of five core sub-modules, each providing deep support for specific business scenarios:\r \r | Module Name | Core Functions | Core Scripts | Applicable Scenarios |\r |:---------------------------------------------------------------------------|:----------------------------------------------------------|:-----------------------------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------|\r | 📦 Resource Management | Device discovery, detail acquisition, channel enumeration | list_devices.py\x3Cbr>device_detail.py\x3Cbr>device_channels.py\x3Cbr>list_doors.py | Asset inventory, obtaining device serial numbers and channel IDs, access control resources, synchronizing organizational structure resources. |\r | 🚪 Access Control (ACS) | Remote open/close, normally open/normally closed control | acs_control.py | Remote office collaboration, unattended entrance management, access control linkage in emergencies. |\r | 📸 Device Capture | Real-time trigger capture, obtain image URL | capture_pic.py | Anomaly verification, real-time screen preview, manual secondary verification of AI recognition results. |\r | 🎥 Video Streaming | Obtain real-time video stream | get_video_url.py | Real-time monitoring embedding, remote video inspection, third-party monitoring large screen integration. |\r | 🔔 Alarm Push (Alarm) | Webhook subscription, fine-grained event management | webhook_manager.py\x3Cbr>event_manager.py | Real-time alarm notification, third-party system integration (e.g., Feishu/DingTalk robots). |\r \r ---\r \r

3. Environment Preparation and Global Configuration\r

\r

3.1 Credential Configuration\r

\r Before using any module, credentials must be configured. The system supports two methods:\r \r

Method A: Environment Variables (Recommended)\r

\r

# Required: Obtain from Hik-Connect HCT Developer Platform\r
export HIK_CONNECT_TEAM_OPENAPI_APP_KEY="Your Hik-Connect Team OpenAPI AppKey"\r
export HIK_CONNECT_TEAM_OPENAPI_SECRET_KEY="Your Hik-Connect Team OpenAPI SecretKey"\r
# Note: API domain is automatically obtained from token response (no longer required)\r
\r
# Optional: Token cache configuration (enabled by default to reduce API call frequency)\r
export HIK_CONNECT_TEAM_TOKEN_CACHE="1"  # 1=Enabled, 0=Disabled\r
```\r
\r
#### Method B: OpenClaw Config Files (Fallback)\r
\r
If environment variables are not set, the system will automatically search for credentials in OpenClaw config files:\r
\r
```\r
Config search order (first found wins):\r
1. ~/.openclaw/config.json\r
2. ~/.openclaw/gateway/config.json\r
3. ~/.openclaw/channels.json\r
```\r
\r
Config format:\r
```json\r
{\r
  "channels": {\r
    "hik_connect_team_openapi": {\r
      "appKey": "Your Hik-Connect Team OpenAPI AppKey",\r
      "secretKey": "Your Hik-Connect Team OpenAPI SecretKey",\r
      "enabled": true\r
    }\r
  }\r
}\r
```\r
\r
**Recommended: Save to `~/.openclaw/channels.json`** — This is the dedicated file for channel credentials.\r
\r
**⚠️ Security Note**: Storing credentials in config files is convenient but introduces some risk. Environment variables are recommended for better security.\r
\r
\r
### 3.2 Dependency Installation\r
This Skills is developed based on Python 3.8+. It is recommended to install necessary dependencies using the following command:\r
```bash\r
pip3 install requests tabulate pycryptodome Pillow\r
```\r
\r
---\r
\r
## 🔒 Config File Reading Details\r
\r
**Credential Priority** (Highest to Lowest):\r
\r
```\r
┌─────────────────────────────────────────────────────────────┐\r
│ 1. Environment Variables (Highest Priority - Recommended)    │\r
│    ├─ HIK_CONNECT_TEAM_OPENAPI_APP_KEY                              │\r
│    └─ HIK_CONNECT_TEAM_OPENAPI_SECRET_KEY                           │\r
│    ✅ Advantage: No config file reading, fully isolated    │\r
├─────────────────────────────────────────────────────────────┤\r
│ 2. OpenClaw Config Files (Only when env vars not set)        │\r
│    ├─ ~/.openclaw/config.json                               │\r
│    ├─ ~/.openclaw/gateway/config.json                       │\r
│    └─ ~/.openclaw/channels.json                             │\r
│    ⚠️ Note: Only reads channels.hik_connect_team_openapi field    │\r
├─────────────────────────────────────────────────────────────┤\r
```\r
\r
## 4. Directory Structure Description\r
```text\r
Hik-Connect_Team_Skills/\r
├── SKILL.md                # This guide file (Full-featured integration guide)\r
├── lib/                    # Core library\r
│   └── token_manager.py    # Encapsulates HCTOpenClient base class, handles Token refresh, request retries, and path searching\r
└── modules/                # Functional sub-modules\r
    ├── Hik-Connect_Team_Resource/  # Resource Management: Devices, channels, details\r
    ├── Hik-Connect_Team_ACS/       # Access Control: Open/close, normally open/normally closed\r
    ├── Hik-Connect_Team_Capture/   # Device Capture: Real-time trigger, URL acquisition\r
    ├── Hik-Connect_Team_Video/     # Video Streaming: Real-time preview address acquisition\r
    └── Hik-Connect_Team_Alarm/     # Alarm Push: Webhook management, event subscription\r
```\r
\r
---\r
\r
## 5. Security and Best Practices\r
\r
1.  **Token Security**: The Skills automatically caches Tokens locally. Please ensure the security of the running environment to prevent unauthorized reading of cache files in the `lib/` directory.\r
2.  **HTTPS Mandatory Requirement**: All Webhook callbacks from the HCT platform must use HTTPS. It is recommended to use `ngrok` or `cpolar` with SSL certificates for secure access.\r
3.  **Signature Verification**: In the Alarm module, be sure to configure `signSecret` and implement HMAC-SHA256 signature verification on your receiving end to prevent forged alarm pushes.\r
4.  **Error Handling**: All scripts return standard JSON format. If `success` is `false`, please check the `message` field for detailed error reasons.\r
\r
---\r

Usage Guidance

This package appears to implement what it claims, but review these items before using: 1) Registry metadata omission: the registry lists no required env vars but the code requires HIK_CONNECT_TEAM_OPENAPI_APP_KEY and HIK_CONNECT_TEAM_OPENAPI_SECRET_KEY — set env vars or inspect token_manager.py to understand fallback behavior. 2) Inspect lib/token_manager.py and modules/*/scripts/server.js for any unexpected network calls, logging, or credential handling (these are the highest-risk files). 3) If you don't want this skill to read credentials from disk, ensure the exact OpenClaw config files (~/.openclaw/config.json, gateway/config.json, channels.json) do not contain sensitive keys, or set the env vars instead. 4) If you enable the Alarm webhook (server.js), run it in a controlled network environment (do not expose port 3090 publicly without a reverse proxy and TLS), and examine package.json/server.js for any third-party callbacks or forwarding logic. 5) Create limited-permission Hik-Connect app credentials for testing, rotate keys regularly, and consider disabling token caching during initial testing (HIK_CONNECT_TEAM_TOKEN_CACHE=0). If you want greater assurance, ask the author for an explicit list of file access and outbound endpoints or provide the full token_manager.py and server.js for manual review.

Capability Analysis

Type: OpenClaw Skill Name: hik-connect-team-skill Version: 1.0.0 The skill bundle integrates Hik-Connect for Teams (HCT) and exhibits high-risk behaviors, primarily the automated reading of sensitive OpenClaw configuration files from the user's home directory (~/.openclaw/config.json, channels.json) to retrieve credentials and gateway settings (lib/token_manager.py). It also includes a Node.js server (modules/Hik-Connect_Team_Alarm/scripts/server.js) that establishes a local network listener to forward webhook data to the OpenClaw gateway. While these capabilities are documented and plausibly required for the stated purpose of device management and alarm monitoring, the broad file system access and network activity represent a significant security risk without further isolation.

Capability Tags

cryptorequires-oauth-tokenrequires-sensitive-credentials

Capability Assessment

ℹ Purpose & Capability

The code files and SKILL.md align with the stated purpose: resource management, video capture/streaming, ACS control, and webhook-based alarm push for Hik-Connect for Teams. However the registry metadata lists no required environment variables while the SKILL.md and module metadata clearly require HIK_CONNECT_TEAM_OPENAPI_APP_KEY and HIK_CONNECT_TEAM_OPENAPI_SECRET_KEY — a mismatch that could lead to surprise behavior at runtime.

ℹ Instruction Scope

Runtime instructions and scripts stay within the stated domain (calling HCTOpen APIs, obtaining tokens, caching tokens, and optionally running a local webhook server). They explicitly read credentials from environment variables and (as a fallback) from OpenClaw config files (~/.openclaw/*.json). Reading those config files is justified for fallback, but it does access user config paths and therefore can obtain credentials from disk if env vars are not set — the SKILL.md documents this, but you should confirm it only reads the declared channel entry (the docs claim it only reads channels.hik_connect_team_openapi).

✓ Install Mechanism

There is no install spec — this is an instruction-and-code bundle. That is lower-risk than arbitrary download/install steps. The package includes Python scripts and a Node.js webhook server (server.js) but does not attempt to fetch or execute external installers. The README warns Node is required for the webhook service.

⚠ Credentials

The functional credential needs are proportional (two Hik-Connect OpenAPI credentials + optional token cache flags). However the declared registry requirements are empty while SKILL.md and module metadata require HIK_CONNECT_TEAM_OPENAPI_APP_KEY and HIK_CONNECT_TEAM_OPENAPI_SECRET_KEY — this discrepancy is concerning. Also the code will read ~/.openclaw/*.json as fallback; if those files contain other sensitive channel entries, a misconfigured implementation could surface unintended secrets. Token caching in /tmp and suggested .env usage are documented, but confirm token_manager.py behavior before running.

✓ Persistence & Privilege

The skill does not request always:true and does not auto-enable itself. It will only run when you invoke its scripts or explicitly start its webhook server. The Webhook module includes a Node server intended to be started by the user (binds port 3090 in documentation) — this is expected for webhook functionality but is a potential exposure if started on a public interface without proper network controls.

Version History

v1.0.0

Initial release of Hik-Connect Team Skills – an integration toolkit for Hik-Connect for Teams (HCT) device management. - Provides modular Python scripts for resource management, access control, device capture, video streaming, and alarm push. - Global configuration via environment variables or OpenClaw config files: requires AppKey and SecretKey. - Automatic token management and standardized error handling included. - Structured to support batch operations, real-time monitoring, and business system integration. - Detailed setup instructions and security best practices provided in documentation.

Metadata

Slug hik-connect-team-skill

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is hik-connect-team-skill?

Hik-Connect for Teams (HCT) Developer Skills. Integrates a series of skills for managing and controlling HCT devices, including resource management, access c... It is an AI Agent Skill for Claude Code / OpenClaw, with 52 downloads so far.

How do I install hik-connect-team-skill?

Run "/install hik-connect-team-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is hik-connect-team-skill free?

Yes, hik-connect-team-skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does hik-connect-team-skill support?

hik-connect-team-skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created hik-connect-team-skill?

It is built and maintained by HikConnectTeamOpen (@hikconnectteam); the current version is v1.0.0.

More Skills

hik-connect-team-skill