← Back to Skills Marketplace
tuituijcb

MiGPT Xiaomi Assistant

by tuituijcb · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
437
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install migpt-xiaomi-assistant
Description
Deploy MiGPT on a Xiaomi smart speaker to replace the built-in AI with a custom LLM-powered voice assistant. Use when: (1) setting up mi-gpt on a Xiaomi/Redm...
Usage Guidance
This skill mostly documents how to run MiGPT on Xiaomi speakers, but it includes an explicit MIoT authentication bypass that requires collecting browser cookies, Xiaomi passwords, and writing tokens to disk plus patching node_modules. Before using: (1) Verify the source repository and maintainer — prefer an upstream/official repo; (2) do not paste browser cookies or passwords into tools or agents you don't fully trust; collect credentials manually and store them securely (use a temporary account if possible); (3) avoid enabling debug (it will log env vars including API keys); (4) understand that the provided patches persistently alter installed packages and will be overwritten by updates — prefer patch-package or postinstall scripts and keep patches under version control; (5) consider alternatives that do not require auth bypass (e.g., configure device via official app, disable native voice replies in the Xiaomi app instead of cookie injection); (6) if you must proceed, inspect every line of the cookie-exchange and file-write code yourself and only run it locally on a machine you control. Additional useful information to raise confidence: a verifiable upstream project URL, evidence that the cookie-exchange method is an accepted/official workaround (not an exploit), or a clear statement about whether the skill ever transmits credentials to external servers (currently it stores them locally).
Capability Analysis
Type: OpenClaw Skill Name: migpt-xiaomi-assistant Version: 1.0.0 The skill provides instructions for deploying a custom AI assistant on Xiaomi speakers but includes high-risk procedures for bypassing security mechanisms. Specifically, 'references/miot-auth-bypass.md' describes how to manually extract and inject sensitive browser session cookies (including passport hashes and device IDs) into local configuration files to circumvent Xiaomi's security verification loops. Furthermore, 'references/patches.md' instructs the agent to modify third-party library code within 'node_modules' to skip authentication checks. While these actions are presented as workarounds for documented technical limitations of the MiGPT framework, the handling of session tokens and the modification of dependency code represent significant security risks that could be exploited if the environment is compromised.
Capability Assessment
Purpose & Capability
Most of the files and instructions (config template, MIoT command mapping, streamResponse handling, latency guidance) are coherent with the stated goal of deploying MiGPT on Xiaomi speakers. However, the inclusion of a browser cookie 'injection' procedure and explicit code to persist serviceToken/ssecurity/passwords goes beyond typical setup guidance: it's a direct authentication bypass step that is sensitive even if it serves the deployment goal.
Instruction Scope
Runtime instructions tell the user/agent to collect browser cookies and Xiaomi credentials, run code that exchanges passToken/serviceToken, write those credentials into .mi.json, and patch files inside node_modules to skip login and change behavior. These are persistent, privileged operations that handle highly sensitive secrets and alter installed package code. The instructions also recommend enabling debug which will dump env vars (explicitly warns this leaks API keys). The skill does not limit or clarify how browser cookies should be collected or protected — this broad and persistent handling of secrets is a significant scope expansion from a simple deployment guide.
Install Mechanism
There is no install spec (instruction-only), which is lower-risk in terms of arbitrary downloads. The guide expects npm install of mi-gpt and mi-service-lite and manual patches to node_modules; modifying node_modules is risky (will be overwritten on updates) but not unusual for local hacks. No remote or obfuscated download URLs are used in the skill files themselves.
Credentials
The skill metadata declares no required env vars or credentials, yet the instructions clearly require an OpenAI-compatible API key (OPENAI_API_KEY/OPENAI_BASE_URL) and Xiaomi account credentials and browser cookies (userId, password, passport_slh, passport_ph, deviceId, passToken, ssecurity, serviceToken). Requesting and storing these highly sensitive values is disproportionate to a registry entry that declares none — metadata mismatch increases risk and surprises users about what secrets will be needed and stored.
Persistence & Privilege
The skill does not request 'always:true' and has no special platform privileges. However, instructions explicitly persist credentials into .mi.json and propose patching node_modules to change login behavior — these actions create long-lived local credentials and altered package behavior. That persistence increases risk (stale or leaked tokens, elevated access) but the skill does not ask to modify other skills or system-wide agent configuration.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install migpt-xiaomi-assistant
  3. After installation, invoke the skill by name or use /migpt-xiaomi-assistant
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: deploy custom LLM voice assistant on Xiaomi smart speakers
Metadata
Slug migpt-xiaomi-assistant
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is MiGPT Xiaomi Assistant?

Deploy MiGPT on a Xiaomi smart speaker to replace the built-in AI with a custom LLM-powered voice assistant. Use when: (1) setting up mi-gpt on a Xiaomi/Redm... It is an AI Agent Skill for Claude Code / OpenClaw, with 437 downloads so far.

How do I install MiGPT Xiaomi Assistant?

Run "/install migpt-xiaomi-assistant" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is MiGPT Xiaomi Assistant free?

Yes, MiGPT Xiaomi Assistant is completely free (open-source). You can download, install and use it at no cost.

Which platforms does MiGPT Xiaomi Assistant support?

MiGPT Xiaomi Assistant is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created MiGPT Xiaomi Assistant?

It is built and maintained by tuituijcb (@tuituijcb); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments