← Back to Skills Marketplace

华米(Zepp/原小米)运动刷步数

Name: 华米(Zepp/原小米)运动刷步数
Author: ckxgzxa

by Xi'ao Zhao · GitHub ↗ · v1.0.0 · MIT-0

linuxdarwinwin32 ⚠ suspicious

120

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install xiaomi-brush-steps

Description

华米运动(Zepp/小米运动)自动刷步数技能，支持多账号管理。当用户提到刷步数、修改运动步数、华米运动、小米运动、手环步数时触发。

Usage Guidance

This skill implements exactly what it claims (automatically submitting steps), but it requires you to provide real account usernames and passwords and stores them in config.json in plaintext. Before installing or running it: (1) review the scripts yourself — especially the large encoded payload in huami.py — to ensure there is no unexpected network/callback behavior; (2) avoid using your primary accounts (use a throwaway/test account); (3) set strict file permissions (chmod 600 config.json) and run on an isolated/local machine if possible; (4) be aware that automating step submissions may violate Huami/Zepp terms of service and could lead to account action; (5) if you plan to use cron, understand that it will run autonomously with stored credentials; and (6) if you are uncomfortable auditing the code, do not provide real credentials.

Capability Analysis

Type: OpenClaw Skill Name: xiaomi-brush-steps Version: 1.0.0 The skill is designed to automate step count modification for Zepp/Xiaomi (Huami) accounts. It is classified as suspicious because it explicitly instructs the AI agent in SKILL.md to solicit sensitive user credentials (usernames and passwords) and store them in plain text within a local 'config.json' file, creating a significant security risk. Furthermore, SKILL.md directs users to third-party websites (e.g., steps.hubp.de and yanwan.store) for testing, which could be used for credential harvesting. While the technical implementation in 'scripts/huami.py' appears to be a standard implementation of the Huami API protocol using known AES keys, the handling of user secrets and the promotion of external sites are high-risk behaviors.

Capability Tags

cryptorequires-oauth-tokenrequires-sensitive-credentials

Capability Assessment

✓ Purpose & Capability

Name/description match what the code does: Python scripts that log in to Zepp/Huami APIs and submit step data. Declared binaries and Python packages (requests, pycryptodome) are appropriate for network calls and AES usage in the code. No unrelated cloud credentials or services are requested.

ℹ Instruction Scope

SKILL.md explicitly instructs the agent to collect account usernames and passwords and store them in config.json, then run the bundled scripts and optionally create cron jobs. That is within the functional scope but is sensitive: it instructs collection and local storage of plaintext credentials and points users to third-party testing sites. The instructions do not ask the agent to exfiltrate data to unexpected endpoints, but they do grant broad discretion to prompt the user for credentials and schedule automated runs.

✓ Install Mechanism

No install spec or external download; the skill ships code files and is executed with python3. No remote installers or archive extracts are used, which reduces supply-chain risk.

ℹ Credentials

The skill requests no platform env vars or injected credentials. It does rely on user-supplied account credentials (username/password) which are necessary for its purpose but are stored in plaintext in config.json (SKILL.md also warns about this). The code optionally reads USE_FAKE_IP from the environment although that env var is not declared in metadata — minor mismatch. Hardcoded AES key/IV are present in code (used to format the login payload).

✓ Persistence & Privilege

Skill is not always-enabled, does not request elevated or persistent platform privileges, and does not modify other skills or system-wide agent settings. It does instruct creating cron jobs only if the user asks, which is a normal user-controlled action.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install xiaomi-brush-steps
After installation, invoke the skill by name or use /xiaomi-brush-steps
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

华米运动修改步数 v1.0.0 - 支持 Zepp Life (小米运动) 多账号自动刷步数，可自定义步数范围。 - 通过关键词（如“刷步数”“手环步数”）自动触发，兼容邮箱/手机号登录。 - 提供首次配置引导，支持查看/添加账号信息。 - 刷步结果详细报告，清晰标注成功或失败账号与步数。 - 支持定时任务设置，实现每日自动刷步，并给出渐进刷步建议。 - 增强安全提示，提醒本地明文密码的存储风险。

Metadata

Slug xiaomi-brush-steps

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is 华米(Zepp/原小米)运动刷步数?

华米运动(Zepp/小米运动)自动刷步数技能，支持多账号管理。当用户提到刷步数、修改运动步数、华米运动、小米运动、手环步数时触发。 It is an AI Agent Skill for Claude Code / OpenClaw, with 120 downloads so far.

How do I install 华米(Zepp/原小米)运动刷步数?

Run "/install xiaomi-brush-steps" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 华米(Zepp/原小米)运动刷步数 free?

Yes, 华米(Zepp/原小米)运动刷步数 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does 华米(Zepp/原小米)运动刷步数 support?

华米(Zepp/原小米)运动刷步数 is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin, win32).

Who created 华米(Zepp/原小米)运动刷步数?

It is built and maintained by Xi'ao Zhao (@ckxgzxa); the current version is v1.0.0.

More Skills