功能描述

Closeli Device List Query API. Used to retrieve the device list under the current account and return basic information such as device name, MAC, and IMEI. Us...

使用说明 (SKILL.md)

Device List Query API

Name: Closeli Open Device List Query
Author: closeli-open

POST /api/device/list is used to query all devices bound to the currently authenticated user. This API does not require a request body. The device list is automatically associated through the api_key.

⚠️ Display Rules (MUST Be Strictly Followed)

The script outputs structured data in JSON format, which is the expected behavior. The following display rules are formatting instructions for the agent: the agent MUST parse the JSON output from the script and convert it into a user-friendly format according to the rules below before displaying it, and MUST NOT display the raw JSON directly.

When code == 0 and data is not empty, display it as a table:

MAC Address	Device Name
aabbccddeeff	Living Room Camera

Key rule: device_id MUST remove the xxxxS_ prefix before being displayed as the MAC address. The table header MUST be written as "MAC Address" and MUST NOT be written as "Device ID".

When data is an empty array, reply: "There are no devices bound under the current account."
When code != 0, reply: "API call failed, error code {code}, reason: {message}"

Prerequisites

The script depends on httpx. If it is not installed, the script will prompt python3 -m pip install httpx.

Configuration Declaration

This skill depends on the following configuration items. The agent and user MUST confirm that they are correctly configured before running.

Required Configuration

Configuration Item	Delivery Method	Description
AI_GATEWAY_API_KEY	Environment variable (recommended), `~/.openclaw/.env` (fallback), command line `--api-key`	API key used for API authentication. The script automatically retrieves it according to this priority order

Optional Configuration

Configuration Item	Delivery Method	Default Value	Description
AI_GATEWAY_HOST	Environment variable, `~/.openclaw/.env`	`https://ai-open.icloseli.com`	Gateway address
AI_GATEWAY_VERIFY_SSL	Environment variable	true	Set to false to disable TLS certificate verification (development environments only)
AI_GATEWAY_NO_ENV_FILE	Environment variable	false	Set to true to disable fallback loading from `~/.openclaw/.env` (recommended for production environments)

Fallback Configuration Path

By default, the script reads the ~/.openclaw/.env file as the fallback configuration source. This file is shared by all skills and uses the format KEY=VALUE (one entry per line). In production environments, you MUST set AI_GATEWAY_NO_ENV_FILE=true to disable this fallback and instead pass all configuration directly through environment variables.

Security Notes

The shared credential file ~/.openclaw/.env can be read by all skills under the same user. In production environments, you MUST pass the API_KEY through environment variables and MUST NOT rely on the shared credential file
TLS certificate verification is enabled by default and MUST NOT be disabled in production environments (disabling it introduces man-in-the-middle attack risks, allowing attackers to intercept the API_KEY and device data)
Before use, you MUST confirm that AI_GATEWAY_HOST points to a trusted domain
You MUST use a least-privilege API_KEY and avoid reusing high-privilege credentials. This skill only requires device list query permission

Network Access Declaration

This skill only accesses the following endpoints (all are paths under AI_GATEWAY_HOST):

Endpoint	Method	Purpose
/api/device/list	POST	Query the list of devices bound to the user

The script does not access any other network resources.

Quick Start

python3 list_devices.py

Authentication Method

Bearer Token authentication is used. The script automatically carries Authorization: Bearer \x3Capi_key> in the request header.

Request Format

Request Headers

Parameter Name	Type	Required	Description
Content-Type	string	Yes	`application/json`
Authorization	string	Yes	`Bearer \x3Capi_key>`, a 32-character hexadecimal string

Request Body

No request body is required.

Response Format

{
  "code": 0,
  "message": "success",
  "request_id": "\x3C32-character request trace ID>",
  "data": [
    {
      "device_id": "xxxxS_aabbccddeeff",
      "device_name": "Living Room Camera"
    }
  ]
}

`data` Field (Device Array)

Parameter Name	Type	Description
device_id	string	Device ID, format: `xxxxS_\x3Cmac_address>`. All subsequent device APIs use this format
device_name	string	Device name, a user-defined device alias

Error Codes

Error Code	HTTP Status Code	Description
1001	401	api_key not provided (missing Authorization header or incorrect format)
1002	401	api_key is invalid or disabled
3001	502	Internal gateway service call failed
3004	502	Internal gateway service call failed
5000	500	Internal error

Notes

The device_id format is xxxxS_\x3Cmac>, which is the identifier used by all subsequent device-related APIs
IMPORTANT: device_id is case-sensitive. The prefix MUST be lowercase xxxxS_, NOT uppercase XXXXS_. The script will auto-correct the case, but the agent SHOULD always pass the correct lowercase format
The global request timeout is 120 seconds

安全使用建议

This skill appears coherent for querying a device list. Before installing, ensure you: (1) provide a least-privilege AI_GATEWAY_API_KEY (do not reuse high-privilege keys); (2) avoid storing the key in the shared fallback file (~/.openclaw/.env) in production — set AI_GATEWAY_NO_ENV_FILE=true and pass the key via environment variables instead; (3) confirm AI_GATEWAY_HOST points to a trusted endpoint (the script will call whatever host you configure); (4) do not disable SSL verification in production (AI_GATEWAY_VERIFY_SSL=false weakens security). Note the registry metadata and SKILL.md disagree about whether ~/.openclaw/.env is a required config path — if you rely on that fallback behavior, verify it works as expected. Overall the files match the stated purpose.

功能分析

Type: OpenClaw Skill Name: api-device-list1 Version: 1.0.2 The skill is a standard API client designed to retrieve a device list from the Closeli platform (ai-open.icloseli.com). The Python script (list_devices.py) and agent instructions (SKILL.md) are transparent, well-documented, and include appropriate security warnings regarding TLS verification and the use of shared credential files (~/.openclaw/.env). No malicious behavior or suspicious exfiltration patterns were identified.

能力标签

requires-oauth-tokenrequires-sensitive-credentials

能力评估

✓ Purpose & Capability

Name/description, required binary (python3), primary credential (AI_GATEWAY_API_KEY), and the script's behavior all align with querying a device list from a Closeli gateway. The only minor inconsistency is that the registry metadata lists no required config paths while SKILL.md declares a fallback config path (~/.openclaw/.env). This appears to be a documentation/metadata mismatch rather than malicious behavior.

✓ Instruction Scope

SKILL.md and list_devices.py restrict network access to POST /api/device/list on AI_GATEWAY_HOST. The runtime instructions require parsing the JSON and formatting output (including removing the 'xxxxS_' prefix) — which matches the device-list purpose. The script reads a local fallback config file (~/.openclaw/.env) as declared in the documentation; this is expected but worth noting because that file is shared across skills.

✓ Install Mechanism

There is no install spec; this is an instruction-only skill with one Python script. It depends on the public httpx package and prompts to install it via pip if missing. No downloads from untrusted URLs or archive extraction are present.

✓ Credentials

The skill only requires AI_GATEWAY_API_KEY as its primary credential and optionally uses AI_GATEWAY_HOST, AI_GATEWAY_VERIFY_SSL, and AI_GATEWAY_NO_ENV_FILE for configuration. These variables are proportionate to a gateway API client. The fallback to a shared ~/.openclaw/.env is declared in the SKILL.md and is explicitly warned against for production use.

✓ Persistence & Privilege

The skill does not request always:true and does not modify other skills or system-wide settings. It only reads a per-user fallback config file and environment variables; this is within expected bounds for a CLI-style integration.

版本历史

v1.0.2

Version 1.0.2 of api-device-list - All documentation has been translated from Chinese to English. - Default API gateway address updated to https://ai-open.icloseli.com. - Additional note added: device_id is case-sensitive and must use lowercase 'xxxxS_' prefix. - No code changes detected; update is documentation only.

v1.0.1

- 更新 skill 描述，更突出“Closeli 设备列表查询接口”及基础信息用途。 - 明确安全要求：必须设置 AI_GATEWAY_API_KEY 环境变量，并建议在 APP 的 AI 设置页获取最小权限凭证。 - 内容精简并优化，对重点场景和安全要求表述更加直接。 - 技术接口和展示规则保持不变，无接口参数或行为变更。

v1.0.0

- Initial release of the api-device-list skill. - Supports querying all devices bound to the current user via POST /api/device/list. - Requires AI_GATEWAY_API_KEY for authentication (set via environment variable, config file, or CLI). - Outputs a table with "MAC 地址" and "设备名称" in a user-friendly format; provides clear error and empty-state messages. - Includes robust configuration, security guidelines, and network access limitations.

元数据

Slug api-device-list1

版本 1.0.2

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 3

常见问题

Closeli Open Device List Query 是什么？

Closeli Device List Query API. Used to retrieve the device list under the current account and return basic information such as device name, MAC, and IMEI. Us... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 148 次。

如何安装 Closeli Open Device List Query？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install api-device-list1」即可一键安装，无需额外配置。

Closeli Open Device List Query 是免费的吗？

是的，Closeli Open Device List Query 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Closeli Open Device List Query 支持哪些平台？

Closeli Open Device List Query 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Closeli Open Device List Query？

由 CloseliOpenTeam（@closeli-open）开发并维护，当前版本 v1.0.2。

Closeli Open Device List Query