← Back to Skills Marketplace
believe3344

xiaoai-ha-control

by believe3344 · GitHub ↗ · v1.1.0 · MIT-0
cross-platform ⚠ suspicious
114
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install xiaoai-ha-control
Description
通过 Home Assistant + Xiaomi Miot 控制小爱音箱,并可选支持“小爱语音 → OpenClaw”的桥接。适用于两类场景:1) 用户要求“让小爱说一句… / 播报… / 通知…”、“告诉小爱… / 让小爱执行…”、“让小爱播放音频 / mp3 / 链接”时,使用本 skill 进行下行控制...
Usage Guidance
Key things to check before installing: - Expect to provide sensitive env vars even though the registry shows none: HA_URL, HA_TOKEN, XIAOAI_PLAY_TEXT_ENTITY_ID, XIAOAI_EXECUTE_TEXT_ENTITY_ID, XIAOAI_MEDIA_PLAYER_ENTITY_ID (and optionally OPENCLAW_BIN). Do not commit or share your .env containing HA_TOKEN. - The bridge (bridge_server.py) binds to 0.0.0.0:8765 by default. If you run it, restrict access with a firewall, bind it to localhost, or configure a reverse proxy that requires authentication so it isn't reachable from untrusted networks. - The bridge executes local subprocesses (openclaw and the xiaoai scripts) and writes logs/status files in the skill directory. Review the code to ensure prompts and outputs meet your privacy needs; consider running it in a confined account or container. - The README references whitelist.json.example and copying a whitelist; verify that whitelist.json exists before enabling forwarding. Use the whitelist to avoid forwarding device-control commands you want Xiaoai to handle natively. - If you plan to enable autostart (systemd/launchd), follow the README's launchd notes: do not double-daemonize, and ensure PATH/OPENCLAW_BIN are explicitly set in the service environment. If these points are acceptable and you harden network exposure and protect HA_TOKEN, the skill's behavior is coherent with its stated purpose. If you cannot restrict the bridge port or do not want local services to invoke OpenClaw automatically, do not enable the bridge component.
Capability Analysis
Type: OpenClaw Skill Name: xiaoai-ha-control Version: 1.1.0 The skill bundle provides a legitimate integration between OpenClaw and Home Assistant for controlling Xiaomi speakers. It facilitates both 'downlink' control (making the speaker talk or execute commands via xiaoai_say.sh and xiaoai_execute.sh) and an 'uplink' bridge (bridge_server.py) that receives voice commands from Home Assistant. While the bridge server runs unauthenticated on the local network and executes shell commands via subprocess, these are functional requirements for its stated purpose. The scripts demonstrate security awareness by using Python's json.dumps to properly escape user-provided strings before inclusion in shell-executed curl commands, mitigating common injection risks.
Capability Assessment
Purpose & Capability
The skill's name/description align with the code and scripts: the shell scripts and bridge_server.py legitimately need a Home Assistant URL/token and entity IDs to control Xiaoai and to forward Xiaoai conversation text to OpenClaw. However the registry metadata lists no required environment variables while the SKILL.md and scripts clearly expect HA_URL, HA_TOKEN, XIAOAI_*_ENTITY_ID and optionally OPENCLAW_BIN — this mismatch is an inconsistency that should be fixed/verified before use.
Instruction Scope
SKILL.md and the scripts stay within the stated domain (calling Home Assistant APIs, invoking local OpenClaw, and optionally running a local bridge). The bridge_server.py runs subprocesses (calls the openclaw binary and the included xiaoai.sh), writes status/log files in the skill directory, and accepts POSTs to forward text to OpenClaw. These behaviors are expected for a bridge but grant the service permission to run local commands and produce network I/O — review and control where the bridge is reachable and which prompts it sends to OpenClaw.
Install Mechanism
This is an instruction-only skill with bundled scripts and Python code; there is no remote download/install step. No external installers or arbitrary archive downloads are used, so installation risk is limited to running the included code locally.
Credentials
The runtime needs sensitive credentials (Home Assistant long-lived access token) and entity IDs as documented in SKILL.md and the scripts, but the registry metadata did not declare these required env variables. Storing HA_TOKEN in a local .env file is necessary for operation; protect it. The bridge also requires an OPENCLAW_BIN (or will call 'openclaw' from PATH), which may cause the bridge to invoke the main agent and therefore generate outbound model activity — this is expected but sensitive.
Persistence & Privilege
bridge_server.py listens by default on 0.0.0.0:8765 and start_bridge.sh instructs running it as a daemon / via systemd/launchd. That makes the bridge a persistent network service; if started on a machine with public network exposure it could accept unsolicited requests unless firewalling/restricting is applied. The skill does not request unusual system privileges, but its default network binding and suggested persistent setup are notable security considerations.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install xiaoai-ha-control
  3. After installation, invoke the skill by name or use /xiaoai-ha-control
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Docs aligned with latest bridge architecture; default bridge_auto_say_enabled=false; main owns XiaoAI spoken output by default; improved launchd guidance, whitelist config docs, and bridge logging semantics; removed sensitive runtime files from publish bundle.
v1.0.0
首发版本:支持通过 Home Assistant 控制小爱音箱(say/exec/play),可选小爱→OpenClaw 语音桥接,白名单可自定义配置,bridge 支持 --daemon 后台运行
Metadata
Slug xiaoai-ha-control
Version 1.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is xiaoai-ha-control?

通过 Home Assistant + Xiaomi Miot 控制小爱音箱,并可选支持“小爱语音 → OpenClaw”的桥接。适用于两类场景:1) 用户要求“让小爱说一句… / 播报… / 通知…”、“告诉小爱… / 让小爱执行…”、“让小爱播放音频 / mp3 / 链接”时,使用本 skill 进行下行控制... It is an AI Agent Skill for Claude Code / OpenClaw, with 114 downloads so far.

How do I install xiaoai-ha-control?

Run "/install xiaoai-ha-control" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is xiaoai-ha-control free?

Yes, xiaoai-ha-control is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does xiaoai-ha-control support?

xiaoai-ha-control is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created xiaoai-ha-control?

It is built and maintained by believe3344 (@believe3344); the current version is v1.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments