← 返回 Skills 市场
S2 Mothership [3.22 Native]
作者
MilesXiang
· GitHub ↗
· v1.1.3
· MIT-0
133
总下载
0
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install s2-space-agent-os-mothership
功能描述
A spatial logic framework for Openclaw. Provides local state compression and coordinate management safely isolated in user space.
安全使用建议
This package contains many source files that implement local databases, device adapters (Tuya, Home Assistant), LLM calls to localhost, and a vault/backup system — so its behavior broadly matches a home-agent OS. However: 1) metadata inconsistencies (registry says no env vars/binaries, SKILL.md lists several) are red flags — ask the publisher to correct and explain them; 2) do not provide HA_TOKEN/TUYA_SECRET or other secrets until you (or a trusted reviewer) have audited the actuator adapter code paths that use them; 3) verify that the code truly refuses network/cloud calls when credentials are absent (search for unconditional requests.post calls or code paths that fall back to cloud); 4) run the package in an isolated sandbox or VM first (no real home devices, no real tokens) and monitor network traffic and filesystem writes; 5) inspect handler.py and any entrypoint for exec() usage or dynamic code execution, and search files for hidden/control characters or obfuscated strings; 6) the repeated dual-licensing/legal notices are unusual — ensure the license terms meet your intended use (they claim non-commercial only). Given the mismatches and the prompt-injection signal, treat this skill as suspicious until you can confirm the code and runtime behavior.
功能分析
Type: OpenClaw Skill
Name: s2-space-agent-os-mothership
Version: 1.1.3
This bundle is a comprehensive framework for spatial management and IoT orchestration. It implements high-risk capabilities such as port scanning for device discovery (universal_scanner.py, s2_vision_projection.py) and system-level network metadata retrieval via 'arp' commands (s2_fortress_boot.py), but these are clearly aligned with its stated purpose as a smart home 'Mothership.' The code demonstrates security awareness through the inclusion of SSRF protections in its hardware adapters (e.g., s2_ha_local_adapter.py) and lacks any indicators of malicious intent, such as data exfiltration or unauthorized persistence.
能力评估
Purpose & Capability
The skill's description (spatial logic / local state compression) is consistent with the included Python modules (chronos, vault, actuators, adapters). However the registry metadata claims 'required env vars: none' and 'required binaries: none', while the SKILL.md frontmatter lists environment variables (HA_TOKEN, TUYA_CLIENT_ID, TUYA_SECRET, S2_PRIVACY_CONSENT, etc.), required binaries (python3, sqlite3) and pip packages. Also the package is marked 'instruction-only' in the registry but the bundle contains many code files — these metadata vs. content mismatches are incoherent and warrant caution.
Instruction Scope
SKILL.md allows tools exec, file_read, file_write, http_request and its code shows network calls (requests) to localhost LLM endpoints and cloud adapters (Tuya/HA). Files perform local DB writes, create hidden mirror directories, and read files under their own data dirs. That activity is coherent for a home automation/agent OS, but the instructions claim strict sandboxing and 'will exit if env vars are not provided' — you should verify those checks (they may be present but rely on code paths). SKILL.md also includes embedded full source and a statement that unicode-control-chars were removed, yet a prompt-injection pattern was detected; this ambiguity plus the allowed exec/http_request privileges increases risk if secrets are provided.
Install Mechanism
No install spec is provided (instruction-only), which reduces installer-level risk. However the repository includes many Python modules and a requirements.txt; installing or running this skill will likely require creating files and running Python code locally. Because there is no formal install process declared, how those files are placed and executed is unclear — inspect run-time entrypoints or handler.py before executing.
Credentials
SKILL.md frontmatter requests several sensitive environment values (HA_TOKEN, TUYA_CLIENT_ID, TUYA_SECRET) and flags for real actuation. Those credentials are plausible for a smart-home actuator skill, but the registry metadata claims no required env vars — an unexplained mismatch. Granting cloud tokens would allow the skill to call external APIs; if you don't trust the author or haven't inspected adapters (s2_tuya_cloud_adapter, s2_ha_local_adapter), do not provide secrets.
Persistence & Privilege
always is false and autonomous invocation is allowed (platform default). The code creates user-space directories (s2_data_cache, s2_state_backup, s2_local_context_logs) and writes databases & signatures; that is expected for a stateful agent. There is no manifested request to modify other skills or system-wide configs, but the skill does create a hidden mirror directory and writes signature files — reasonable for a vault/backup feature but verify paths and permissions locally. Because the agent can perform exec and http_request, giving it secrets increases its blast radius; combine that with the other inconsistencies before granting persistent privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install s2-space-agent-os-mothership - 安装完成后,直接呼叫该 Skill 的名称或使用
/s2-space-agent-os-mothership触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.3
- Added 17 new files, primarily under the s2-clean-v112/.git/ directory, including hooks and info folders.
- No changes to core skill logic or user-facing documentation.
- No visible updates to SKILL.md; version number remains at 1.1.0 in documentation.
v1.1.2
- Migrated core skill files from s2-os-core/ to s2-clean-v112/, reflecting a major directory structure refactor.
- All 64 module and support files were replaced with updated versions, maintaining functionality coverage.
- No changes to SKILL.md metadata or descriptive documentation.
- No updates or additions to public APIs, configuration parameters, or user-facing features.
v1.1.1
v1.1.1 Security & Compliance Update:
Formatted YAML metadata so the registry correctly parses all required ENV vars (HA_TOKEN, TUYA_CLIENT_ID, S2_PRIVACY_CONSENT, etc.) and bins.
Hard-sandboxed the local context sync tool. Removed all cross-directory "memory-hook" logic. It now strictly isolates to its own ./s2_local_context_logs and DOES NOT read other agents' logs.
Removed all hidden directories (e.g., .s2_raid_mirror_vault) to comply with persistence policies.
Cleaned up unicode control characters and legacy comments. Fully aligned with 3.22 safety guidelines.
v1.1.0
- Full 3.22 SDK and Plugin compatibility: refactored S2 Mothership to support Openclaw 2026.3.22-beta.1 and the new Heartbeat mechanism.
- Added Silicon Three Laws safety hypervisor with instant physical circuit breaker to block unsafe commands before reaching actuators.
- Introduced OS-level privacy consent and strict zero-trust actuator token management for enhanced security.
- Provides a 4D TSDB Memory Array (Chronos) for robust spatial and temporal memory.
- Supports spatial pod assignment, enabling coordinated multi-agent deployments across different physical spaces.
- Compatible with ClawHub as the new primary distribution and designed for seamless multi-room orchestration.
元数据
常见问题
S2 Mothership [3.22 Native] 是什么?
A spatial logic framework for Openclaw. Provides local state compression and coordinate management safely isolated in user space. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 133 次。
如何安装 S2 Mothership [3.22 Native]?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install s2-space-agent-os-mothership」即可一键安装,无需额外配置。
S2 Mothership [3.22 Native] 是免费的吗?
是的,S2 Mothership [3.22 Native] 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
S2 Mothership [3.22 Native] 支持哪些平台?
S2 Mothership [3.22 Native] 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 S2 Mothership [3.22 Native]?
由 MilesXiang(@spacesq)开发并维护,当前版本 v1.1.3。
推荐 Skills