S2 Spatial Adapters
Author: MilesXiang · v2.0.7 · MIT-0
Total downloads: 131 · Favorites: 0 · Current installs: 0 · Versions: 9
Install in OpenClaw
/install s2-spatial-adapters
Description
Provides a unified, cryptographically secure interface to control Home Assistant, Xiaomi Mijia, and Tuya IoT devices with ephemeral zero-trust connections.
Security usage recommendations
This skill's code implements exactly what it says (HA REST, Xiaomi UDP, Tuya cloud). Before installing: (1) don't trust the top-level metadata that claimed 'no required env vars' — the manifest and SKILL.md require several sensitive secrets; (2) never set S2_ENABLE_REAL_ACTUATION=True unless you intentionally want the agent to be able to actuate hardware; test in dry-run first; (3) grant the minimal network access possible (e.g., run in a network segment that can reach only the intended local devices and/or Tuya endpoints); (4) store credentials in a secure vault and inject them at runtime (do not place in .env); (5) review and/or run the included code in an isolated environment to confirm no hidden endpoints or telemetry are present; and (6) if you plan to let an autonomous agent use this skill, restrict that agent's permissions and logging, and require human approval for sensitive actions (locks, doors, HVAC). The metadata mismatches lower confidence in how this package was registered — treat it with caution and verify configuration before enabling real actuations.
Functional analysis
Type: OpenClaw Skill
Name: s2-spatial-adapters
Version: 2.0.7
The S2-Spatial-Adapters bundle is a legitimate smart home integration tool for Home Assistant, Xiaomi Mijia, and Tuya IoT. It exhibits strong security practices, including SSRF protection for local network requests in s2_ha_local_adapter.py, strict domain whitelisting for cloud endpoints in main.py, and proactive credential 'wiping' in the secure_teardown methods across all adapters. No evidence of data exfiltration, malicious execution, or prompt-injection attacks was found; the code is well-structured and aligns perfectly with its stated purpose.
Capability assessment
Purpose & Capability
Name/description claim a unified zero-trust interface for HA, Mijia, and Tuya — the code (three adapters + main.py) implements exactly those protocols and the manifest lists appropriate dependencies. HOWEVER the top-level registry metadata in the submission indicated 'Required env vars: none' while the manifest and SKILL.md clearly require multiple sensitive environment variables (S2_ENABLE_REAL_ACTUATION, HA_BEARER_TOKEN, MIJIA_DEVICE_TOKEN, TUYA_ACCESS_ID/SECRET, etc.). That metadata mismatch is a coherence issue (not an immediate safety exploit) and could mislead automated gating systems.
Instruction Scope
SKILL.md and main.py give a narrow, well-defined runtime contract: run python main.py <protocol> <element> <device_id> '<intent_json>' with environment-injected credentials; all adapters validate inputs, perform SSRF/private-IP checks, redact payloads in logs, and provide a 'dry-run' when S2_ENABLE_REAL_ACTUATION is not set. The s2_commander_agent.json instructs an agent to emit those CLI invocations (including deterministic/low-temperature generation), which is explicit rather than vague.
Install Mechanism
There is no install spec in the registry (instruction-only install), but the package includes Python code and a requirements.txt (requests, pycryptodome). This is low-to-moderate risk — nothing is downloaded from arbitrary URLs, but an installer step (pip install -r requirements.txt) is expected and dependencies are pinned. The absence of an explicit install step in registry metadata is an inconsistency to be aware of.
Credentials
The code legitimately needs device credentials and a global 'real actuation' flag, and the manifest documents these env vars as sensitive. That is proportionate to the stated purpose. The concern is twofold: (1) the registry summary incorrectly claimed 'no required env vars', creating a metadata mismatch; (2) these are high-sensitivity secrets (access tokens, device keys). Because the skill is designed to allow actual physical actuations when S2_ENABLE_REAL_ACTUATION=True, giving these secrets to the runtime (or to an autonomous agent) carries real-world risk. Confirm who controls the runtime env and where secrets are stored before enabling.
Persistence & Privilege
The skill is not set to always:true and does not attempt to modify other skills or system-wide configs. Autonomous agent invocation is allowed (disable-model-invocation=false) which is expected for tools intended for agents; combine this with real-actuation credentials and it can cause physical effects, but that is a usage risk rather than an elevated platform privilege. No evidence the skill persists credentials beyond its own lifecycle (it attempts to wipe them in secure_teardown).
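How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install s2-spatial-adapters
- After installation completes, call the Skill by name or use /s2-spatial-adapters to trigger it
- Provide the required input according to the Skill's parameter documentation to get structured output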
Version history
v2.0.7
- Added README.md with documentation or usage instructions.
- Introduced new agent configuration file: s2_commander_agent.json.
- Updated manifest.json for compatibility or metadata changes.
- No changes to core functionality described in SKILL.md.
v2.0.6
- Version bump to 2.0.6; no source or documentation changes detected.
- All functionality, documentation, and usage remain unchanged from the previous version.
v2.0.5
Version 2.0.5 contains no code or documentation changes.
- No file changes detected in this release.
- All features and documentation remain as in version 2.0.2.
v2.0.4
- Version bump to 2.0.4 with no code or documentation changes.
- No modifications detected to any files.
v2.0.3
s2-spatial-adapters v2.0.3
- Removed the sample environment template file (env_template.txt) from the repository.
- No changes to documentation, usage, or code functionality.
v2.0.2
- Removed the README.md file from the project.
- Updated SKILL.md:
- Strengthened guidance to require environment variables (do not use local .env files in production).
- Clarified security best practices for credential injection and dereferencing.
- Highlighted anti-injection validation and application-level memory safety.
- Streamlined documentation for agent prompt schema and execution examples.
v2.0.1
No file or code changes; documentation updated only.
- SKILL.md improved to clarify security philosophy regarding credential handling.
- Now explicitly states that physical RAM wiping isn't possible in Python; instead, application-level best-effort dereferencing is enforced post-actuation.
- Updated description to reflect Python's memory management limitations and the use of variable reassignment to expedite credential cleanup.
- No user-facing changes to code or functionality.
v2.0.0
**S2-Spatial-Adapters 2.0.0: Major upgrade focused on security, transparency, and zero-trust architecture.**
- Switched to a production-ready, fully audited, “no placeholder” code and documentation model.
- Added `env_template.txt` and `requirements.txt` for robust environment and dependency management.
- Enforced strict JSON schema whitelisting and prompt-injection defense in the main entrypoint.
- All legacy/placeholder code (e.g., `s2_spatial_adapters.py`) removed for clarity and accuracy.
- Updated SKILL.md with detailed operational syntax and examples, ensuring zero hallucination in agent calls.
- Integrated global secure teardown: adapter memory is wiped after each execution for zero-trust compliance.
v1.0.0
S2-Spatial-Adapters 1.0.0 – Initial Release
- Introduces a unified, cryptographically secure interface for controlling Home Assistant, Xiaomi Mijia, and Tuya IoT devices.
- Leverages S2 Spatial Tensors for vendor-agnostic commands: LUMINA (lighting), CLIMATE (HVAC), and SENTINEL (security).
- Implements zero-trust, ephemeral connections that immediately wipe authentication tokens after use.
- Configuration follows cloud-native best practices—no credentials are hardcoded, with dry-run fallback for missing configs.
- Provides clear agent execution instructions with structured protocol examples.
- Includes built-in SSRF protection and liability warnings for physical actuation.
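FAQ
What is S2 Spatial Adapters?
Provides a unified, cryptographically secure interface to control Home Assistant, Xiaomi Mijia, and Tuya IoT devices with ephemeral zero-trust connections. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 131 total downloads to date.
How do I install S2 Spatial Adapters?
Run the command "/install s2-spatial-adapters" in the OpenClaw or Claude Code chat box for a one-step install, with no additional configuration required.
Is S2 Spatial Adapters free?
Yes. S2 Spatial Adapters is completely free, released under the MIT-0 license, and can be freely downloaded, installed, and used.
Which platforms does S2 Spatial Adapters support?
S2 Spatial Adapters is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed S2 Spatial Adapters?
It is developed and maintained by MilesXiang (@spacesq); the current version is v2.0.7.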