功能描述

Hik-Connect for Teams (HCT) Developer Skills. Integrates a series of skills for managing and controlling HCT devices, including resource management, access c...

使用说明 (SKILL.md)

\r \r

Hik-Connect Team Skills\r

Name: hik-connect-team-skill
Author: hikconnectteam

\r

1. Introduction\r

Hik-Connect_Team_Skills is a full-featured integration Skills designed specifically for Hik-Connect for Teams (HCT) developers. Based on the HCTOpen OpenAPI system, it encapsulates core capabilities from basic resource management to advanced alarm push through Python scripts.\r \r This Skills adopts a modular design with built-in automated Token maintenance mechanisms, dynamic path searching, and standardized error handling, aiming to help developers quickly build HCT-based automated O&M, security monitoring, and business integration systems.\r \r ---\r \r

2. Core Modules Deep Dive\r

\r This Skills consists of five core sub-modules, each providing deep support for specific business scenarios:\r \r | Module Name | Core Functions | Core Scripts | Applicable Scenarios |\r |:---------------------------------------------------------------------------|:----------------------------------------------------------|:-----------------------------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------|\r | 📦 Resource Management | Device discovery, detail acquisition, channel enumeration | list_devices.py\x3Cbr>device_detail.py\x3Cbr>device_channels.py\x3Cbr>list_doors.py | Asset inventory, obtaining device serial numbers and channel IDs, access control resources, synchronizing organizational structure resources. |\r | 🚪 Access Control (ACS) | Remote open/close, normally open/normally closed control | acs_control.py | Remote office collaboration, unattended entrance management, access control linkage in emergencies. |\r | 📸 Device Capture | Real-time trigger capture, obtain image URL | capture_pic.py | Anomaly verification, real-time screen preview, manual secondary verification of AI recognition results. |\r | 🎥 Video Streaming | Obtain real-time video stream | get_video_url.py | Real-time monitoring embedding, remote video inspection, third-party monitoring large screen integration. |\r | 🔔 Alarm Push (Alarm) | Webhook subscription, fine-grained event management | webhook_manager.py\x3Cbr>event_manager.py | Real-time alarm notification, third-party system integration (e.g., Feishu/DingTalk robots). |\r \r ---\r \r

3. Environment Preparation and Global Configuration\r

\r

3.1 Credential Configuration\r

\r Before using any module, credentials must be configured. The system supports two methods:\r \r

Method A: Environment Variables (Recommended)\r

\r

# Required: Obtain from Hik-Connect HCT Developer Platform\r
export HIK_CONNECT_TEAM_OPENAPI_APP_KEY="Your Hik-Connect Team OpenAPI AppKey"\r
export HIK_CONNECT_TEAM_OPENAPI_SECRET_KEY="Your Hik-Connect Team OpenAPI SecretKey"\r
# Note: API domain is automatically obtained from token response (no longer required)\r
\r
# Optional: Token cache configuration (enabled by default to reduce API call frequency)\r
export HIK_CONNECT_TEAM_TOKEN_CACHE="1"  # 1=Enabled, 0=Disabled\r
```\r
\r
#### Method B: OpenClaw Config Files (Fallback)\r
\r
If environment variables are not set, the system will automatically search for credentials in OpenClaw config files:\r
\r
```\r
Config search order (first found wins):\r
1. ~/.openclaw/config.json\r
2. ~/.openclaw/gateway/config.json\r
3. ~/.openclaw/channels.json\r
```\r
\r
Config format:\r
```json\r
{\r
  "channels": {\r
    "hik_connect_team_openapi": {\r
      "appKey": "Your Hik-Connect Team OpenAPI AppKey",\r
      "secretKey": "Your Hik-Connect Team OpenAPI SecretKey",\r
      "enabled": true\r
    }\r
  }\r
}\r
```\r
\r
**Recommended: Save to `~/.openclaw/channels.json`** — This is the dedicated file for channel credentials.\r
\r
**⚠️ Security Note**: Storing credentials in config files is convenient but introduces some risk. Environment variables are recommended for better security.\r
\r
\r
### 3.2 Dependency Installation\r
This Skills is developed based on Python 3.8+. It is recommended to install necessary dependencies using the following command:\r
```bash\r
pip3 install requests tabulate pycryptodome Pillow\r
```\r
\r
---\r
\r
## 🔒 Config File Reading Details\r
\r
**Credential Priority** (Highest to Lowest):\r
\r
```\r
┌─────────────────────────────────────────────────────────────┐\r
│ 1. Environment Variables (Highest Priority - Recommended)    │\r
│    ├─ HIK_CONNECT_TEAM_OPENAPI_APP_KEY                              │\r
│    └─ HIK_CONNECT_TEAM_OPENAPI_SECRET_KEY                           │\r
│    ✅ Advantage: No config file reading, fully isolated    │\r
├─────────────────────────────────────────────────────────────┤\r
│ 2. OpenClaw Config Files (Only when env vars not set)        │\r
│    ├─ ~/.openclaw/config.json                               │\r
│    ├─ ~/.openclaw/gateway/config.json                       │\r
│    └─ ~/.openclaw/channels.json                             │\r
│    ⚠️ Note: Only reads channels.hik_connect_team_openapi field    │\r
├─────────────────────────────────────────────────────────────┤\r
```\r
\r
## 4. Directory Structure Description\r
```text\r
Hik-Connect_Team_Skills/\r
├── SKILL.md                # This guide file (Full-featured integration guide)\r
├── lib/                    # Core library\r
│   └── token_manager.py    # Encapsulates HCTOpenClient base class, handles Token refresh, request retries, and path searching\r
└── modules/                # Functional sub-modules\r
    ├── Hik-Connect_Team_Resource/  # Resource Management: Devices, channels, details\r
    ├── Hik-Connect_Team_ACS/       # Access Control: Open/close, normally open/normally closed\r
    ├── Hik-Connect_Team_Capture/   # Device Capture: Real-time trigger, URL acquisition\r
    ├── Hik-Connect_Team_Video/     # Video Streaming: Real-time preview address acquisition\r
    └── Hik-Connect_Team_Alarm/     # Alarm Push: Webhook management, event subscription\r
```\r
\r
---\r
\r
## 5. Security and Best Practices\r
\r
1.  **Token Security**: The Skills automatically caches Tokens locally. Please ensure the security of the running environment to prevent unauthorized reading of cache files in the `lib/` directory.\r
2.  **HTTPS Mandatory Requirement**: All Webhook callbacks from the HCT platform must use HTTPS. It is recommended to use `ngrok` or `cpolar` with SSL certificates for secure access.\r
3.  **Signature Verification**: In the Alarm module, be sure to configure `signSecret` and implement HMAC-SHA256 signature verification on your receiving end to prevent forged alarm pushes.\r
4.  **Error Handling**: All scripts return standard JSON format. If `success` is `false`, please check the `message` field for detailed error reasons.\r
\r
---\r

安全使用建议

This package appears to implement what it claims, but review these items before using: 1) Registry metadata omission: the registry lists no required env vars but the code requires HIK_CONNECT_TEAM_OPENAPI_APP_KEY and HIK_CONNECT_TEAM_OPENAPI_SECRET_KEY — set env vars or inspect token_manager.py to understand fallback behavior. 2) Inspect lib/token_manager.py and modules/*/scripts/server.js for any unexpected network calls, logging, or credential handling (these are the highest-risk files). 3) If you don't want this skill to read credentials from disk, ensure the exact OpenClaw config files (~/.openclaw/config.json, gateway/config.json, channels.json) do not contain sensitive keys, or set the env vars instead. 4) If you enable the Alarm webhook (server.js), run it in a controlled network environment (do not expose port 3090 publicly without a reverse proxy and TLS), and examine package.json/server.js for any third-party callbacks or forwarding logic. 5) Create limited-permission Hik-Connect app credentials for testing, rotate keys regularly, and consider disabling token caching during initial testing (HIK_CONNECT_TEAM_TOKEN_CACHE=0). If you want greater assurance, ask the author for an explicit list of file access and outbound endpoints or provide the full token_manager.py and server.js for manual review.

功能分析

Type: OpenClaw Skill Name: hik-connect-team-skill Version: 1.0.0 The skill bundle integrates Hik-Connect for Teams (HCT) and exhibits high-risk behaviors, primarily the automated reading of sensitive OpenClaw configuration files from the user's home directory (~/.openclaw/config.json, channels.json) to retrieve credentials and gateway settings (lib/token_manager.py). It also includes a Node.js server (modules/Hik-Connect_Team_Alarm/scripts/server.js) that establishes a local network listener to forward webhook data to the OpenClaw gateway. While these capabilities are documented and plausibly required for the stated purpose of device management and alarm monitoring, the broad file system access and network activity represent a significant security risk without further isolation.

能力标签

cryptorequires-oauth-tokenrequires-sensitive-credentials

能力评估

ℹ Purpose & Capability

The code files and SKILL.md align with the stated purpose: resource management, video capture/streaming, ACS control, and webhook-based alarm push for Hik-Connect for Teams. However the registry metadata lists no required environment variables while the SKILL.md and module metadata clearly require HIK_CONNECT_TEAM_OPENAPI_APP_KEY and HIK_CONNECT_TEAM_OPENAPI_SECRET_KEY — a mismatch that could lead to surprise behavior at runtime.

ℹ Instruction Scope

Runtime instructions and scripts stay within the stated domain (calling HCTOpen APIs, obtaining tokens, caching tokens, and optionally running a local webhook server). They explicitly read credentials from environment variables and (as a fallback) from OpenClaw config files (~/.openclaw/*.json). Reading those config files is justified for fallback, but it does access user config paths and therefore can obtain credentials from disk if env vars are not set — the SKILL.md documents this, but you should confirm it only reads the declared channel entry (the docs claim it only reads channels.hik_connect_team_openapi).

✓ Install Mechanism

There is no install spec — this is an instruction-and-code bundle. That is lower-risk than arbitrary download/install steps. The package includes Python scripts and a Node.js webhook server (server.js) but does not attempt to fetch or execute external installers. The README warns Node is required for the webhook service.

⚠ Credentials

The functional credential needs are proportional (two Hik-Connect OpenAPI credentials + optional token cache flags). However the declared registry requirements are empty while SKILL.md and module metadata require HIK_CONNECT_TEAM_OPENAPI_APP_KEY and HIK_CONNECT_TEAM_OPENAPI_SECRET_KEY — this discrepancy is concerning. Also the code will read ~/.openclaw/*.json as fallback; if those files contain other sensitive channel entries, a misconfigured implementation could surface unintended secrets. Token caching in /tmp and suggested .env usage are documented, but confirm token_manager.py behavior before running.

✓ Persistence & Privilege

The skill does not request always:true and does not auto-enable itself. It will only run when you invoke its scripts or explicitly start its webhook server. The Webhook module includes a Node server intended to be started by the user (binds port 3090 in documentation) — this is expected for webhook functionality but is a potential exposure if started on a public interface without proper network controls.

版本历史

v1.0.0

Initial release of Hik-Connect Team Skills – an integration toolkit for Hik-Connect for Teams (HCT) device management. - Provides modular Python scripts for resource management, access control, device capture, video streaming, and alarm push. - Global configuration via environment variables or OpenClaw config files: requires AppKey and SecretKey. - Automatic token management and standardized error handling included. - Structured to support batch operations, real-time monitoring, and business system integration. - Detailed setup instructions and security best practices provided in documentation.

元数据

Slug hik-connect-team-skill

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

hik-connect-team-skill 是什么？

Hik-Connect for Teams (HCT) Developer Skills. Integrates a series of skills for managing and controlling HCT devices, including resource management, access c... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 52 次。

如何安装 hik-connect-team-skill？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install hik-connect-team-skill」即可一键安装，无需额外配置。

hik-connect-team-skill 是免费的吗？

是的，hik-connect-team-skill 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

hik-connect-team-skill 支持哪些平台？

hik-connect-team-skill 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 hik-connect-team-skill？

由 HikConnectTeamOpen（@hikconnectteam）开发并维护，当前版本 v1.0.0。

hik-connect-team-skill