← 返回 Skills 市场
enchantedmotorcycle

Mqtt Client

作者 enchantedmotorcycle · GitHub ↗ · v1.0.7
cross-platform ⚠ suspicious
2416
总下载
0
收藏
6
当前安装
8
版本数
在 OpenClaw 中安装
/install mqtt-client
功能描述
This is a simple client for connecting to an mqtt instance
安全使用建议
Do not run this skill as-is against real brokers or with real credentials. Key concerns: (1) bootstrap.sh hardcodes a /home/jc/.openclaw/... path and activates a venv that may not exist; (2) the script sources an .env (not listed in required envs) and run.py reads MQTT_USERNAME and MQTT_PASSWORD—inspect that .env to ensure it doesn't contain secrets you don't want exposed; (3) run.py subscribes to all topics ('#') and logs message payloads to stdout (logs may be aggregated or retained); (4) requirements.txt lists paho.mqtt but there's no automated pip install—ensure dependencies are installed in an isolated environment. Recommended steps before installing: inspect or create the .env contents, replace hard-coded paths with relative or runtime-determined paths, add explicit install steps (pip install -r requirements.txt) or documentation, enumerate required env vars in the skill manifest, and run the client in an isolated environment (container or throwaway VM) connected to a test broker. If you need stronger assurance, ask the author to remove absolute paths, explicitly declare required env vars, and provide a proper install script that creates a venv and installs dependencies.
功能分析
Type: OpenClaw Skill Name: mqtt-client Version: 1.0.7 The skill is classified as suspicious primarily due to the `source .env` command in `scripts/bootstrap.sh`. While intended for loading configuration, this command executes arbitrary shell commands found within the `.env` file. As the `.env` file is part of the skill bundle, a malicious skill developer could embed harmful shell commands (e.g., for data exfiltration or system modification) within it, which would then be executed by the agent. This represents a significant arbitrary code execution risk, even though the provided `run.py` script appears benign and uses environment variables for legitimate MQTT connection details.
能力评估
Purpose & Capability
The name/description match the included Python code (a simple MQTT subscriber). However the SKILL.md and files contradict the declared requirements: SKILL.md claims 'no parameters' and 'no required env vars', yet run.py reads MQTT_BROKER, MQTT_PORT, MQTT_TOPIC, MQTT_USERNAME, and MQTT_PASSWORD from the environment. bootstrap.sh expects a pre-created venv and an .env in a hard-coded /home/jc/.openclaw/... workspace path. These environment/config expectations are not declared in the skill metadata and look disproportionate to the stated 'simple client' purpose.
Instruction Scope
SKILL.md instructs running scripts/bootstrap.sh which sources an absolute path and an .env, then runs run.py. run.py subscribes to all topics ('#') and logs message payloads to stdout. The instructions do not document what .env must contain or where logs go. The agent would therefore load unspecified environment variables and could receive broad message traffic (potentially sensitive), contrary to the claim that 'no parameters' are required.
Install Mechanism
There is no install spec. requirements.txt lists paho.mqtt but bootstrap.sh does not install it nor create the venv; instead bootstrap.sh activates a venv at a hard-coded absolute path. That makes the script brittle and indicates the package expects a pre-initialized developer environment rather than a proper install step. This is an operational risk (will fail silently or unexpectedly) and increases the chance of accidental exposure if you run it without checking.
Credentials
The skill declares no required environment variables, yet run.py relies on multiple MQTT-related env vars (including username/password) and bootstrap.sh sources an .env file. Requiring unspecified secrets (via an .env) without declaring them is disproportionate and a transparency issue. Additionally, subscribing to '#' can surface many messages—if those messages are sensitive they could be logged where agent logs are collected.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It runs a short-lived (60s) background loop and performs no persistent configuration changes. Persistence/privilege level is appropriate.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install mqtt-client
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /mqtt-client 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.7
- Improved environment variable handling: bootstrap.sh now automatically loads .env file for connection details. - Updated documentation in SKILL.md to clarify .env loading behavior. - No functional changes to core client logic.
v1.0.6
- No user-facing changes; documentation and functionality remain the same. - File scripts/bootstrap.sh was modified, but the skill description and usage are unchanged.
v1.0.5
- Updated documentation to clarify that no parameters are required to use the skill. - Added instructions for using `scripts/bootstrap.sh` to set up the Python environment and connect to MQTT. - Updated resource section to reflect changes in setup and execution instructions.
v1.0.4
- Updated scripts/bootstrap.sh (details not specified) - No changes to documentation or core functionality.
v1.0.3
- Added bootstrap script: scripts/bootstrap.sh to assist with setup or initialization tasks.
v1.0.2
- Added requirements.txt to specify Python package dependencies for the skill.
v1.0.1
- Improved SKILL.md formatting with a more visible "# mqtt-client" header. - No changes to functionality; documentation update only.
v1.0.0
mqtt-client 1.0.0 - Initial release of a simple MQTT client. - Maintains a background connection to a specified MQTT queue and tracks messages. - Connection details are loaded from environment variables. - Run the client using scripts/run.py.
元数据
Slug mqtt-client
版本 1.0.7
许可证
累计安装 6
当前安装数 6
历史版本数 8
常见问题

Mqtt Client 是什么?

This is a simple client for connecting to an mqtt instance. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2416 次。

如何安装 Mqtt Client?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install mqtt-client」即可一键安装,无需额外配置。

Mqtt Client 是免费的吗?

是的,Mqtt Client 完全免费(开源免费),可自由下载、安装和使用。

Mqtt Client 支持哪些平台?

Mqtt Client 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Mqtt Client?

由 enchantedmotorcycle(@enchantedmotorcycle)开发并维护,当前版本 v1.0.7。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论