alexalisted

# Alexa Use this skill for Amazon Alexa workflows in two narrow modes: 1. Expose HybridClaw as a custom Alexa skill through the Alexa Skills Kit (ASK). 2. Prepare guarded Alexa-as-device reads and write plans for the official Smart Home Skill API and the opt-in community Alexa Remote / `alexapy` surface. Do not use this skill for arbitrary Amazon API calls, shopping account access, or browser automation. Keep all credentials behind SecretRef and use the helper to build bounded payloads instead of hand-writing URLs, headers, cookies, or request bodies. ## Safety Rules 1. Validate every inbound ASK request before parsing slots or running an agent bridge. Reject invalid `Signature`, invalid `SignatureCertChainUrl`, signing certificates that do not cover `echo-api.amazon.com`, or timestamp drift of 150 seconds or more. 2. Never persist or echo Login with Amazon access tokens. The request token maps to a HybridClaw operator session outside the prompt through the F13 SecretRef rail. 3. Model output sent back to Alexa must be TTS-safe. Use `build-response` so markdown, code blocks, and very long URLs are stripped before SSML is built. 4. Path-B reads are green but privacy-sensitive because devices, list contents, routines, and last-command history can reveal household behavior. 5. Path-B writes are amber/red. Announcements, list mutations, device control, and routine triggers require exact F8/F14 approval that names the target room or device and th