Omi Integration
Author: Dr Amanda Kavner · v1.0.0
Total downloads: 341
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install omi-integration
Description
Sync recordings from Omi AI wearables (Omi, Limitless, etc.) via API and webhooks. Auto-sync transcripts, process recordings, and organize by device/date.
Safe usage recommendations
This skill implements the advertised sync/webhook features, but review these before installing or exposing it:
- Required binaries mismatch: ensure you have python3 and ngrok installed in addition to curl and jq; the SKILL metadata omits python3/ngrok.
- Secure your webhook: set OMI_WEBHOOK_SECRET before exposing the webhook (ngrok will make the endpoint public). Without a secret anyone can send events to your server.
- Fix path traversal risk: the webhook handler uses recording IDs from incoming JSON to build filesystem paths without sanitization. If the webhook is reachable an attacker could craft a recording_id containing '../' or other segments to create/overwrite files outside the intended storage. Only run the server publicly after adding input validation or forcing canonical/safe filenames (strip or reject slashes, normalize and ensure paths remain under the storage directory).
- Audit exposed behaviors: the server runs handler scripts with untrusted network input; check/limit what the handler does, and consider running the webhook server behind a firewall or proxy that restricts source IPs or requires authentication.
- Missing or misleading docs: PROJECT.md mentions other scripts and registries not included in this package — be cautious that the repo metadata may reflect a larger project and not all components are bundled here.
If you plan to use this skill:
- Run it locally first; do not expose it via ngrok until you set a webhook secret and verify that recording IDs are sanitized.
- Consider running the webhook server under a dedicated, limited account or container to reduce blast radius.
- If you cannot audit or patch the handler, do not expose the webhook publicly.
Functional analysis
Type: OpenClaw Skill
Name: omi-integration
Version: 1.0.0
The skill implements a recording sync and real-time webhook system for Omi wearables, but exhibits high-risk behaviors including the automated setup of an ngrok tunnel (setup-ngrok.sh) and a background Python web server (webhook-server.py) that executes shell scripts. Furthermore, omi-webhook-handler.sh contains a path traversal vulnerability where it creates directories and writes files based on unvalidated recording_id fields from external webhook payloads, which could be exploited to write data outside the intended storage directory. While these features are aligned with the stated purpose of real-time integration, the combination of a public-facing tunnel and unvalidated file path construction presents a significant security risk.
Capability assessment
Purpose & Capability
The scripts and server implement the advertised features (API sync, webhook server, ngrok helper, local storage). However the SKILL metadata only declares curl and jq as required binaries while the runtime scripts also require python3 (webhook server) and ngrok (setup helper). PROJECT.md and other docs mention additional utilities and higher-level device registration scripts that are not included, which is inconsistent with the packaged files.
Instruction Scope
The webhook server and handler accept JSON payloads from the network and write data directly into ~/omi_recordings using fields from the payload (e.g., recording id, created_at) to build filesystem paths. The handler concatenates the recording id into a path without sanitization, which allows path-traversal-style payloads (e.g., recording_id containing '..' or absolute segments) to create or overwrite files outside the intended per-recording directory if the webhook endpoint is reachable and unprotected. The SKILL.md notes an optional webhook secret but does not require it; the setup instructions encourage exposing the endpoint with ngrok, which would make this attack surface public if the secret is not set.
Install Mechanism
This is instruction-only (no automated installer), which reduces automatic risk, but the provided scripts will be placed on disk and executed by the user. The runtime requires programs not declared in the metadata (python3 and ngrok). There is no packaged binary download; no installers are executed automatically by the skill.
Credentials
The skill does not request unrelated credentials or environment variables in the registry metadata. It asks the user to store an Omi API key in a file (~/.config/omi/api_key) and optionally uses OMI_WEBHOOK_SECRET/OMI_WEBHOOK_PORT environment variables. That is proportionate to its function. (Note: PROJECT.md references other credential files for a larger 'voice-capture-hub' that are not included here.)
Persistence & Privilege
The skill is not marked always:true and does not request system-wide privileges. It runs a local HTTP server and writes files under the user's home directory (~/omi_recordings and ~/.config/omi) which is expected for this functionality. It does not change other skills' configs.
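How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the dialog: /install omi-integration
- Once installation completes, call the Skill by name or trigger it with /omi-integration
- Provide the required inputs according to the Skill's parameter description to get structured output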
Version history
v1.0.0
Initial release of the omi-integration skill.
- Sync and manage recordings from Omi AI wearables via API and webhooks
- Auto-sync transcripts, process recordings, and organize by device/date
- Real-time webhook handler for new recordings and transcript updates
- Local storage of audio, transcripts, summaries, and metadata
- Multi-device support with recordings tagged by device
- Privacy-focused: local storage, API key encryption, no telemetry
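FAQ
What is Omi Integration?
Sync recordings from Omi AI wearables (Omi, Limitless, etc.) via API and webhooks. Auto-sync transcripts, process recordings, and organize by device/date. It is an AI agent Skill plugin for Claude Code / OpenClaw, with 341 total downloads to date.
How do I install Omi Integration?
Run the command "/install omi-integration" in the OpenClaw or Claude Code dialog to install it in one step; no additional configuration is required.
Is Omi Integration free?
Yes, Omi Integration is completely free (open source and free) and can be freely downloaded, installed, and used.
Which platforms does Omi Integration support?
Omi Integration is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Omi Integration?
It is developed and maintained by Dr Amanda Kavner (@drkavner); the current version is v1.0.0.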