YingDao-GuoKe
v1.0.0影刀RPA社区技能,支持用户绑定社区账号并查询个人信息,包括基本信息、成就等级、开发统计数据等。当用户需要查询影刀社区账号、查询影刀信息、获取开发统计数据时,使用此技能。例如:'绑定我的影刀账号'、'查询我的影刀信息'、'我的影刀社区信息'、'查看我的影刀账号信息'。
⭐ 1· 99·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (bind community account and fetch personal/dev stats) match the implementation: the code extracts a UUID from a provided profile URL, saves bindings to data/user.json, and calls Yingdao API endpoints to fetch user and app statistics.
Instruction Scope
SKILL.md instructs the agent to prompt for a personal homepage link, extract the UUID, store it, and query specified Yingdao API endpoints. The instructions reference only the local user.json file and the Yingdao APIs described — no unrelated system files, environment variables, or external endpoints are referenced.
Install Mechanism
There is no install spec; this is instruction + a single Node.js script that uses built-in modules (fs, path, https). No external downloads or package installs are required by the provided files.
Credentials
The skill requires no environment variables, credentials, or config paths. The data it collects is limited to user-provided profile links/UUIDs, which the skill stores locally; this is proportional to its stated purpose.
Persistence & Privilege
The skill does persist data locally (data/user.json) to remember bindings, which is consistent with its behaviour. It does not request always:true, nor does it modify other skills or system-wide settings.
Assessment
This skill appears to do what it says: it asks you to provide your Yingdao community profile link, extracts and stores your UUID in data/user.json, and queries Yingdao's public APIs to return profile and development statistics. Before installing, be aware: (1) your UUID/personalId will be stored on disk inside the skill's data directory (delete data/user.json to remove bindings); (2) the skill makes outbound HTTPS requests to api.yingdao.com — don't provide sensitive secrets (there is no need to supply API keys or passwords); (3) the skill is a Node script using built-in modules — you can open and review scripts/yingdao_rpa.js yourself to confirm behavior. If you are comfortable with local storage of the UUID and the network calls to Yingdao, the skill is coherent with its description.Like a lobster shell, security has layers — review code before you run it.
latestvk97fpqqj84kvpejsxrwnbqsy3n83wbc4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.