← 返回 Skills 市场
xiaoai-ha-control
作者
believe3344
· GitHub ↗
· v1.1.0
· MIT-0
114
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install xiaoai-ha-control
功能描述
通过 Home Assistant + Xiaomi Miot 控制小爱音箱,并可选支持“小爱语音 → OpenClaw”的桥接。适用于两类场景:1) 用户要求“让小爱说一句… / 播报… / 通知…”、“告诉小爱… / 让小爱执行…”、“让小爱播放音频 / mp3 / 链接”时,使用本 skill 进行下行控制...
安全使用建议
Key things to check before installing:
- Expect to provide sensitive env vars even though the registry shows none: HA_URL, HA_TOKEN, XIAOAI_PLAY_TEXT_ENTITY_ID, XIAOAI_EXECUTE_TEXT_ENTITY_ID, XIAOAI_MEDIA_PLAYER_ENTITY_ID (and optionally OPENCLAW_BIN). Do not commit or share your .env containing HA_TOKEN.
- The bridge (bridge_server.py) binds to 0.0.0.0:8765 by default. If you run it, restrict access with a firewall, bind it to localhost, or configure a reverse proxy that requires authentication so it isn't reachable from untrusted networks.
- The bridge executes local subprocesses (openclaw and the xiaoai scripts) and writes logs/status files in the skill directory. Review the code to ensure prompts and outputs meet your privacy needs; consider running it in a confined account or container.
- The README references whitelist.json.example and copying a whitelist; verify that whitelist.json exists before enabling forwarding. Use the whitelist to avoid forwarding device-control commands you want Xiaoai to handle natively.
- If you plan to enable autostart (systemd/launchd), follow the README's launchd notes: do not double-daemonize, and ensure PATH/OPENCLAW_BIN are explicitly set in the service environment.
If these points are acceptable and you harden network exposure and protect HA_TOKEN, the skill's behavior is coherent with its stated purpose. If you cannot restrict the bridge port or do not want local services to invoke OpenClaw automatically, do not enable the bridge component.
功能分析
Type: OpenClaw Skill
Name: xiaoai-ha-control
Version: 1.1.0
The skill bundle provides a legitimate integration between OpenClaw and Home Assistant for controlling Xiaomi speakers. It facilitates both 'downlink' control (making the speaker talk or execute commands via xiaoai_say.sh and xiaoai_execute.sh) and an 'uplink' bridge (bridge_server.py) that receives voice commands from Home Assistant. While the bridge server runs unauthenticated on the local network and executes shell commands via subprocess, these are functional requirements for its stated purpose. The scripts demonstrate security awareness by using Python's json.dumps to properly escape user-provided strings before inclusion in shell-executed curl commands, mitigating common injection risks.
能力评估
Purpose & Capability
The skill's name/description align with the code and scripts: the shell scripts and bridge_server.py legitimately need a Home Assistant URL/token and entity IDs to control Xiaoai and to forward Xiaoai conversation text to OpenClaw. However the registry metadata lists no required environment variables while the SKILL.md and scripts clearly expect HA_URL, HA_TOKEN, XIAOAI_*_ENTITY_ID and optionally OPENCLAW_BIN — this mismatch is an inconsistency that should be fixed/verified before use.
Instruction Scope
SKILL.md and the scripts stay within the stated domain (calling Home Assistant APIs, invoking local OpenClaw, and optionally running a local bridge). The bridge_server.py runs subprocesses (calls the openclaw binary and the included xiaoai.sh), writes status/log files in the skill directory, and accepts POSTs to forward text to OpenClaw. These behaviors are expected for a bridge but grant the service permission to run local commands and produce network I/O — review and control where the bridge is reachable and which prompts it sends to OpenClaw.
Install Mechanism
This is an instruction-only skill with bundled scripts and Python code; there is no remote download/install step. No external installers or arbitrary archive downloads are used, so installation risk is limited to running the included code locally.
Credentials
The runtime needs sensitive credentials (Home Assistant long-lived access token) and entity IDs as documented in SKILL.md and the scripts, but the registry metadata did not declare these required env variables. Storing HA_TOKEN in a local .env file is necessary for operation; protect it. The bridge also requires an OPENCLAW_BIN (or will call 'openclaw' from PATH), which may cause the bridge to invoke the main agent and therefore generate outbound model activity — this is expected but sensitive.
Persistence & Privilege
bridge_server.py listens by default on 0.0.0.0:8765 and start_bridge.sh instructs running it as a daemon / via systemd/launchd. That makes the bridge a persistent network service; if started on a machine with public network exposure it could accept unsolicited requests unless firewalling/restricting is applied. The skill does not request unusual system privileges, but its default network binding and suggested persistent setup are notable security considerations.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install xiaoai-ha-control - 安装完成后,直接呼叫该 Skill 的名称或使用
/xiaoai-ha-control触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Docs aligned with latest bridge architecture; default bridge_auto_say_enabled=false; main owns XiaoAI spoken output by default; improved launchd guidance, whitelist config docs, and bridge logging semantics; removed sensitive runtime files from publish bundle.
v1.0.0
首发版本:支持通过 Home Assistant 控制小爱音箱(say/exec/play),可选小爱→OpenClaw 语音桥接,白名单可自定义配置,bridge 支持 --daemon 后台运行
元数据
常见问题
xiaoai-ha-control 是什么?
通过 Home Assistant + Xiaomi Miot 控制小爱音箱,并可选支持“小爱语音 → OpenClaw”的桥接。适用于两类场景:1) 用户要求“让小爱说一句… / 播报… / 通知…”、“告诉小爱… / 让小爱执行…”、“让小爱播放音频 / mp3 / 链接”时,使用本 skill 进行下行控制... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 114 次。
如何安装 xiaoai-ha-control?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install xiaoai-ha-control」即可一键安装,无需额外配置。
xiaoai-ha-control 是免费的吗?
是的,xiaoai-ha-control 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
xiaoai-ha-control 支持哪些平台?
xiaoai-ha-control 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 xiaoai-ha-control?
由 believe3344(@believe3344)开发并维护,当前版本 v1.1.0。
推荐 Skills