codingsamss/mx-interaction
platforms/codex/skills/mx-interaction/SKILL.md
Safely work with Midea MX / 美信 interactions from Codex. Use when the user asks to search MX users or groups, prepare or send an MX message, notify someone in MX, inspect MX message-query capabilities, search MX chat history, or understand MX ocToken / UA auth behavior. Prefer dry-run before any live send.
$ install --global
skillsauthnpx skillsauth add codingsamss/ai-dotfiles mx-interactionInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 4, 2026, 4:45 AM280.0s12 files scanned
SKILL.md
- name:
- mx-interaction
- description:
- Safely work with Midea MX / 美信 interactions from Codex. Use when the user asks to search MX users or groups, prepare or send an MX message, notify someone in MX, inspect MX message-query capabilities, search MX chat history, or understand MX ocToken / UA auth behavior. Prefer dry-run before any live send.
MX Interaction
Use this skill for MX / 美信读写交互. Keep all token handling local and explicit.
Core Rules
- Never print, persist, or ask the user to paste a raw token in chat.
- Read-only MX lookups do not require extra user authorization when the user's request asks to search users, groups, sessions, or messages.
- Any live send requires explicit user authorization for that exact send target and message in the current conversation. A generic MX task, token lookup, dry-run, or prior unrelated approval is not enough.
- Prefer
scripts/mx_safe_send.pyfor message sends. It dry-runs by default. - Only send live MX messages when the user explicitly authorizes sending and the command includes both
--sendand--confirm-user-authorized. - Do not read MX SQLite databases, app internals, or local message files. Message reading must use exposed
mx_message_*tools only. - If no
mx_message_*tools are available in the current Codex context, say that the current context has no MX query tools and stop. - For auth details, read
references/auth-and-token.md. - For message-query tool contracts, read
references/message-query.md.
Write Workflow
- Identify the target:
- If the user provides a uid or groupId, use it directly.
- If only a person name, employee id, or email prefix is given, run
scripts/user_search.py. - If only a group name is given, run
scripts/group_search.py.
- Build a dry-run first:
python3 scripts/mx_safe_send.py \ --from-id "<sender_uid>" \ --to-id "<receiver_uid_or_group_id>" \ --session-type p2p \ --body "message text" - Review the dry-run payload. Confirm no token appears in output.
- Send only after explicit user approval:
python3 scripts/mx_safe_send.py \ --from-id "<sender_uid>" \ --to-id "<receiver_uid_or_group_id>" \ --session-type p2p \ --body "message text" \ --send \ --confirm-user-authorized
For file, image, @user, @all, or push fields, read references/auth-and-token.md and use the copied original scripts only when the user explicitly asks for those behaviors. The original im_send.py also requires --confirm-user-authorized for any live send.
Lookup Commands
Search users:
python3 scripts/user_search.py --keyword "<姓名/工号/邮箱前缀>"
Search groups:
python3 scripts/group_search.py --keyword "<群名关键字>" --limit 5
These commands require a valid token from MX_OC_TOKEN, the current MX/OpenClaw runtime MCP config, or /tmp/ua_token.txt; do not run them if the user asked for static analysis only.
Read Workflow
Use mx_message_sessions, mx_message_list, mx_message_search_global, mx_message_search_session, and mx_message_history only when those tools are exposed in the current Codex tool list.
Do not emulate those tools with filesystem reads. mx_team_info and mx_team_search are documented in the MX package but are not exported by the current dist/src/tools/index, so treat them as unconfirmed until live tool availability proves otherwise.
Related Skills
codingsamss/mx-im
development
VerifiedTrustedCommunity
Safely search MX users or groups and send Midea MX / 美信 IM messages from Codex. Use when the user asks to notify someone, send a message to a person or group, use a configured group alias, @ users, @ all, or send MX file/image messages. Read lookups need no extra authorization; every live send needs explicit user authorization for that exact target and message.
10SKILL.mdUpdated Jun 5, 2026
codingsamss/official-article-ingest
development
VerifiedTrustedCommunity
Use when Sam wants to collect, save, translate, or reformat official source articles/blog posts/research/product announcements into the Obsidian vault, especially requests mentioning 官方文章, 官网排版, 原始排版, 美观, 收录, 1:1, 原文1:1, or 英文中文对照1:1. Preserve the source site's information architecture and visual hierarchy rather than forcing a generic Markdown template.
9SKILL.mdUpdated Jun 11, 2026
codingsamss/mx-message-query
development
VerifiedTrustedCommunity
Query Midea MX / 美信 local message cache through the MX local HTTP query service from Codex. Use when the user asks to read MX sessions, search chat history, search messages globally or inside a group/session, list recent messages, or page message history. This is read-only and does not require send authorization. Never fall back to reading SQLite or app cache files directly.
8SKILL.mdUpdated Jun 5, 2026
codingsamss/mx-channel-rules
tools
VerifiedTrustedCommunity
MX channel output rules. Always active in MX conversations.
8SKILL.mdUpdated Jun 5, 2026