← 返回 Skills 市场
4970
总下载
3
收藏
30
当前安装
4
版本数
在 OpenClaw 中安装
/install xiaomi-home
功能描述
[English] Control Xiaomi Home devices via local LAN using miiocli. Supports status checks, toggling power, and MIOT property manipulation for devices like smart plugs, humidifiers, and rice cookers. | [中文] 通过局域网利用 miiocli 控制米家智能设备。支持查看状态、开关控制以及对智能插座、加湿器、电饭煲等 MIOT 设备的属性调优。
安全使用建议
Review before installing. Remove and rotate any exposed Xiaomi device tokens if they belong to you, do not publish or commit token inventories, avoid passing account passwords on the command line, keep debug logging off, and require explicit confirmation before commands that power or change appliances, cameras, routers, or other physical devices.
功能分析
Type: OpenClaw Skill
Name: xiaomi-home
Version: 1.2.1
The skill is classified as suspicious due to its high-risk capabilities, despite lacking clear evidence of intentional malicious behavior. The `scripts/token_extractor.py` script requires the user's Xiaomi account credentials (username/password or QR code) to log into Xiaomi Cloud, then extracts sensitive device tokens and IPs. This script performs network requests to external Xiaomi cloud services (e.g., `account.xiaomi.com`, `api.io.mi.com`) and starts a local HTTP server on port 31415 for displaying CAPTCHA or QR codes. Additionally, the `SKILL.md` includes an installation command that executes shell commands (`pipx install python-miio && /Users/$(whoami)/.local/pipx/venvs/python-miio/bin/python -m pip install 'click<8.1.0'`). While these actions are aligned with the stated purpose of controlling Xiaomi devices, the handling of sensitive credentials and tokens, combined with network and shell access, represents a significant security risk if the script were compromised or misused.
能力评估
Purpose & Capability
Local Xiaomi device control via miiocli is coherent with the stated purpose, and token discovery can support setup, but the artifact also bundles a private-looking inventory with real-looking tokens for plugs, cameras, routers, and other devices.
Instruction Scope
The skill maps natural-language requests to commands that can change physical device state, including plugs, humidifiers, and cookers, without clear confirmation or safety boundaries.
Install Mechanism
The install metadata runs a disclosed pipx install for python-miio and a click dependency adjustment; this is purpose-aligned but executes shell commands and depends on external Python packages.
Credentials
The token extractor logs into Xiaomi Cloud by password or QR flow, contacts Xiaomi account/API endpoints, retrieves device tokens and BLE keys, and can expose QR/captcha images through a local HTTP server bound on all interfaces.
Persistence & Privilege
The documentation tells users to store IPs and tokens in markdown for agent recall, and the package includes references/my_private_devices.md marked sensitive with real-looking plaintext tokens.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install xiaomi-home - 安装完成后,直接呼叫该 Skill 的名称或使用
/xiaomi-home触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.1
v1.2.1 升级:ClawdHub 详情页及 SKILL 说明全面支持中英双语,方便全球开发者使用。
v1.2.0
v1.2.0 升级:引入了意图映射表,标准化了控制逻辑,增强了对 MIOT 协议设备(如热水器插座)的精准控制指令。
v1.1.0
新增:内置了 Token 提取脚本(scripts/token_extractor.py),现在用户可以直接运行本地脚本来获取设备钥匙了。
v1.0.0
初始版本:支持通过代码硬控米家 WiFi 设备,包含依赖冲突修复逻辑。
元数据
常见问题
小米家居 (Xiaomi Home) 是什么?
[English] Control Xiaomi Home devices via local LAN using miiocli. Supports status checks, toggling power, and MIOT property manipulation for devices like smart plugs, humidifiers, and rice cookers. | [中文] 通过局域网利用 miiocli 控制米家智能设备。支持查看状态、开关控制以及对智能插座、加湿器、电饭煲等 MIOT 设备的属性调优。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 4970 次。
如何安装 小米家居 (Xiaomi Home)?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install xiaomi-home」即可一键安装,无需额外配置。
小米家居 (Xiaomi Home) 是免费的吗?
是的,小米家居 (Xiaomi Home) 完全免费(开源免费),可自由下载、安装和使用。
小米家居 (Xiaomi Home) 支持哪些平台?
小米家居 (Xiaomi Home) 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 小米家居 (Xiaomi Home)?
由 Pegasus02(@pegasus02)开发并维护,当前版本 v1.2.1。
推荐 Skills