codingsamss/mx-im
platforms/codex/skills/mx-im/SKILL.md
Safely search MX users or groups and send Midea MX / 美信 IM messages from Codex. Use when the user asks to notify someone, send a message to a person or group, use a configured group alias, @ users, @ all, or send MX file/image messages. Read lookups need no extra authorization; every live send needs explicit user authorization for that exact target and message.
$ install --global
skillsauthnpx skillsauth add codingsamss/ai-dotfiles mx-imInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 5, 2026, 3:24 AM94.1s16 files scanned
SKILL.md
- name:
- mx-im
- description:
- Safely search MX users or groups and send Midea MX / 美信 IM messages from Codex. Use when the user asks to notify someone, send a message to a person or group, use a configured group alias, @ users, @ all, or send MX file/image messages. Read lookups need no extra authorization; every live send needs explicit user authorization for that exact target and message.
MX IM
Use this skill for MX / 美信 write-side interactions: user lookup, group lookup, group alias resolution, text sends, file/image sends, @user, and @all.
Rules
- Never print or persist raw tokens.
- Read-only lookups do not require extra authorization.
- Every live send requires explicit user authorization for the exact target and message in the current conversation.
- Prefer
scripts/mx_safe_send.pyfor normal text sends. It dry-runs by default. - Live text sends require both
--sendand--confirm-user-authorized. - Use original
scripts/im_send.pyonly for file, image, @user, @all, or push fields; it also requires--confirm-user-authorized. - Do not read MX SQLite databases or local message cache files.
Auth
Send scripts resolve auth in this order:
MX_OC_TOKEN.OPENCLAW_MX_SERVER_PORT+OPENCLAW_MX_SERVER_SECRETfrom the current env.- The MX OpenClaw LaunchAgent plist
ai.midea-openclaw.gateway-stable.plist, thenGET /oc-tokenwithx-server-secretto exchange a fresh OC token. - Runtime MCP config
mcporter.json. /tmp/ua_token.txt.- UA authorization flow only when explicitly running
ua_login.pyor when the originalim_send.pyneeds a final fallback.
Never print or store the raw OC token or server secret in skill docs, repo files, logs, or memory.
Target Resolution
- If the user gives a uid or groupId, use it directly.
- If the user gives a group alias, resolve it first:
python3 scripts/group_alias.py "<别名>" - If only a person name, employee id, or email prefix is given:
python3 scripts/user_search.py --keyword "<姓名/工号/邮箱前缀>" - If only a group name is given:
python3 scripts/group_search.py --keyword "<群名关键字>" --limit 5
Alias data is local-only at references/group-aliases.local.json; do not sync
it to repos.
Text Send
Dry-run first:
python3 scripts/mx_safe_send.py \
--from-id "<sender_uid>" \
--to-id "<receiver_uid_or_group_id>" \
--session-type p2p \
--body "message text"
After explicit authorization:
python3 scripts/mx_safe_send.py \
--from-id "<sender_uid>" \
--to-id "<receiver_uid_or_group_id>" \
--session-type p2p \
--body "message text" \
--send \
--confirm-user-authorized
For detailed original script behavior, read only the relevant file in
references/: mx-ua-auth.md, im-send.md, user-search.md,
or group-search.md.
Related Skills
codingsamss/mx-message-query
development
VerifiedTrustedCommunity
Query Midea MX / 美信 local message cache through the MX local HTTP query service from Codex. Use when the user asks to read MX sessions, search chat history, search messages globally or inside a group/session, list recent messages, or page message history. This is read-only and does not require send authorization. Never fall back to reading SQLite or app cache files directly.
8SKILL.mdUpdated Jun 5, 2026
codingsamss/mx-channel-rules
tools
VerifiedTrustedCommunity
MX channel output rules. Always active in MX conversations.
8SKILL.mdUpdated Jun 5, 2026
codingsamss/workspace-cli-bridge
tools
VerifiedTrustedCommunity
Use the company WorkSpace `ws` CLI reliably as a delegated coding agent from Codex. Trigger when the user wants Codex to command `ws`, WorkSpace CLI, or the company opencode-derived coding tool to generate code, inspect a repo, run a bounded implementation task, or use a requested WorkSpace model while Codex reviews the output.
8SKILL.mdUpdated Jun 4, 2026
codingsamss/mx-interaction
development
VerifiedTrustedCommunity
Safely work with Midea MX / 美信 interactions from Codex. Use when the user asks to search MX users or groups, prepare or send an MX message, notify someone in MX, inspect MX message-query capabilities, search MX chat history, or understand MX ocToken / UA auth behavior. Prefer dry-run before any live send.
8SKILL.mdUpdated Jun 4, 2026