基于已安装的 xiaodu-control-official 编排观影场景。当用户说“开始观影模式”“我要看电影”“把房间调成适合看电影的状态”“准备看电影了”时使用。这个 skill 会复用 xiaodu-control-official 的现有脚本,对小度智能屏和小度 IoT 设备执行 scene-first...
Security Analysis
medium confidenceThe skill's instructions and requirements are consistent with its stated purpose (an orchestrator that reuses xiaodu-control-official scripts), but it references local scripts and preference files that you should verify before installing.
Name/description match the runtime instructions: the skill is an orchestrator that calls existing xiaodu-control-official scripts to prepare a room for movie watching. The required capabilities (listing scenes, controlling IoT, speaking) align with that purpose.
SKILL.md explicitly instructs the agent to run local shell scripts (e.g., ../xiaodu-control-official/scripts/list_scenes.sh, control_iot.sh, speak.sh) and to read/update local preference files (XIAODU_CONTEXT.md, MEMORY.md) only when the user asks. This stays within the described purpose, but the skill references specific filesystem paths and files even though the registry metadata lists no required config paths—confirm those paths exist and inspect the referenced scripts/files before use.
Instruction-only skill with no install spec and no external downloads — lowest install risk. It will only run shell commands if the agent is permitted to do so.
The skill requests no environment variables or credentials. Its actions are limited to local script invocation and optional local preference persistence, which are proportionate to an orchestrator of IoT/display devices.
Skill may write to XIAODU_CONTEXT.md or MEMORY.md to persist user preferences, but only when the user explicitly asks. It does not request permanent/always-on privileges. Verify where these files are stored and that you are comfortable with the skill modifying them.
Guidance
This skill is coherent with its stated purpose, but before installing: (1) ensure the dependency skill/directory (xiaodu-control-official) and the referenced scripts actually exist where the skill expects them; (2) manually inspect the scripts (list_scenes.sh, control_iot.sh, control_xiaodu.sh, speak.sh, etc.) to confirm they perform only expected local IoT/display actions and do not contact unknown endpoints or exfiltrate data; (3) backup or review XIAODU_CONTEXT.md and MEMORY.md if present, since the skill may read/modify them when you ask it to remember preferences; (4) limit the agent's shell execution permissions or run in a sandbox if you are concerned about arbitrary script execution; and (5) understand this skill will control real devices (lights, curtains, TVs, projectors) — verify those devices and their control scripts are trusted. If any referenced script or path is missing or points to an unexpected location, do not enable the skill until resolved.
Latest Release
v1.0.1
Initial release
Popular Skills
Published by @dueros-mcp on ClawHub
