← 返回 Skills 市场
251
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install xiaodu-iot
功能描述
小度智能设备控制技能。用于控制小度音箱、IoT设备、查看设备列表、语音播报等。当用户需要控制小度智能设备、查询设备状态、发送语音指令或管理智能家居时使用此技能。
安全使用建议
Before installing or running this skill:
- Inspect and verify credentials: the skill requires a Baidu/DuerOS ACCESS_TOKEN but the metadata doesn't declare it. Do not paste tokens into scripts; store them securely and confirm where the token is read from (mcporter config or env).
- Check required tooling: ensure mcporter, jq, and npx are present and trusted. npx will fetch the 'dueros-iot-mcp' package at runtime — review that package's source before allowing it to be fetched/executed.
- Review file writes: the scripts create/overwrite files under your home workspace (logs, device lists, and MEMORY.md). If you do not want device identifiers or control logs persisted, do not run the update scripts or run them in a sandboxed environment.
- Confirm paths and portability: files reference inconsistent paths (~/openclaw/workspace vs $HOME/.openclaw/workspace) and use sed -i '' (macOS style) which may behave unexpectedly on Linux — test in a safe environment first.
- Camera/resource capabilities: reference docs mention xiaodu_take_photo and push_resource_to_xiaodu (push images/audio/video). If your devices have cameras or can render resources, consider the privacy implications and ensure you trust the endpoints and tokens used.
Recommendations for the author or maintainer before you trust this skill:
- Add requires.env entries (e.g., ACCESS_TOKEN) and declare required binaries (mcporter, jq, npx).
- Provide an explicit install spec or a list of runtime dependencies and the exact npm package to be installed, plus a checksum or source link for the package.
- Make persistence explicit and optionally configurable (e.g., allow choosing workspace directory or a dry-run mode; do not silently update MEMORY.md).
If you are unsure or cannot verify the external npm package and token handling, run the skill only in an isolated environment (VM/container) and do not provide long-lived credentials.
功能分析
Type: OpenClaw Skill
Name: xiaodu-iot
Version: 1.0.0
The skill bundle is a well-structured integration for controlling Xiaodu (Baidu) smart home devices and speakers via the Model Context Protocol (MCP). It provides utility scripts for device discovery (update_devices.sh), batch IoT control (batch_control.sh), and voice broadcasting (speak_message.sh), all of which use standard tools like mcporter and jq. While the skill requires shell and network access to interact with the Xiaodu ecosystem, its behavior is strictly aligned with its stated purpose, and no evidence of data exfiltration, credential theft, or malicious intent was found.
能力评估
Purpose & Capability
The skill claims to control Xiaodu speakers and IoT devices (requires an ACCESS_TOKEN and MCP configuration), which is coherent with the included scripts. However the declared metadata lists no required environment variables or binaries while the code clearly expects an Access Token, the mcporter CLI, jq, and npx (for dueros-iot-mcp). This mismatch (missing declarations) is disproportionate and confusing.
Instruction Scope
SKILL.md and the scripts instruct the agent to run mcporter commands and to read/write files under the user's home workspace (e.g., ~/openclaw/workspace and $HOME/.openclaw/workspace). The scripts update log files and edit a MEMORY.md file (agent memory) which could persist device information. Paths are inconsistent across files (~/openclaw/workspace vs $HOME/.openclaw/workspace). The instructions do not declare or warn about persisting potentially sensitive device identifiers or tokens.
Install Mechanism
There is no install spec (instruction-only), which lowers install-time risk. However runtime commands (scripts and config_template.json) rely on npx to fetch the 'dueros-iot-mcp' npm package and on mcporter being present; npx will download code from npm at runtime if not already installed, which is a moderate risk and should be declared. No external archive downloads or obscure URLs were found.
Credentials
The skill metadata declares no required env vars, but config_template.json and SKILL.md assume an ACCESS_TOKEN (DuerOS token) and scripts expect to use it via mcporter/npx. The primary credential is not declared. Requesting an Access Token is appropriate for the stated purpose, but the omission from requires.env is an incoherence and may lead to accidental misconfiguration or token leakage.
Persistence & Privilege
always:false (good). The skill writes device lists, logs, and updates a MEMORY.md file in the user's workspace. Writing these files is plausible for a device-management skill, but the behavior is significant (persists device identifiers and logs). The skill does not ask to modify other skills or system-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install xiaodu-iot - 安装完成后,直接呼叫该 Skill 的名称或使用
/xiaodu-iot触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
xiaodu-iot 1.0.0 — Initial Release
- Introduces a comprehensive skill for controlling Xiaodu smart speakers and IoT devices.
- Supports device discovery, status query, voice commands, broadcast, and batch device control.
- Includes scene management (listing and triggering smart home scenes).
- Provides example scripts for device list updates, batch control, and voice broadcasting.
- Features automatic daily device list updates and troubleshooting guidance.
元数据
常见问题
xiaodu-iot 是什么?
小度智能设备控制技能。用于控制小度音箱、IoT设备、查看设备列表、语音播报等。当用户需要控制小度智能设备、查询设备状态、发送语音指令或管理智能家居时使用此技能。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 251 次。
如何安装 xiaodu-iot?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install xiaodu-iot」即可一键安装,无需额外配置。
xiaodu-iot 是免费的吗?
是的,xiaodu-iot 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
xiaodu-iot 支持哪些平台?
xiaodu-iot 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 xiaodu-iot?
由 vividlife(@vividlife)开发并维护,当前版本 v1.0.0。
推荐 Skills