云效项目协作工具

Type: OpenClaw Skill Name: yunxiao-projex Version: 1.0.2 The skill bundle provides a legitimate client for the Alibaba Cloud Yunxiao API, enabling project and work item management. It requires and handles sensitive API tokens (`YUNXIAO_ACCESS_TOKEN`, `YUNXIAO_ORGANIZATION_ID`) from environment variables, which is a standard practice for such tools. A local cache file (`.user-cache.json`) is created to store user names and IDs for a stated 'smart feature' (name-to-ID mapping), and its sensitive nature is explicitly documented in SKILL.md, along with instructions for cleanup. All network communication is directed to the official `openapi-rdc.aliyuncs.com` endpoint. There is no evidence of data exfiltration to unauthorized destinations, arbitrary code execution, obfuscation, or prompt injection attempts against the agent. The code and documentation are clear and align with the stated purpose.