xianyu service ops
v1.0.0Operational playbook for selling virtual services on 闲鱼 (Xianyu). Use proactively whenever the user mentions '闲鱼', 'Xianyu', '闲鱼副业', '闲鱼卖服务', '闲鱼上架', '闲鱼标题',...
⭐ 0· 109·0 current·0 all-time
byqWait@qwaitcrypto
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name/description (Xianyu service ops) match the SKILL.md, README and reference materials. It requires no binaries, no env vars, and contains no code — all of which are proportionate for a platform-specific operational playbook.
Instruction Scope
Most runtime instructions stay within the stated purpose (keyword research, title/copy/pricing frameworks, compliance reminders). The skill tells the agent to read a local context file if present (.claude/xianyu-context.md) and to consult bundled reference files on demand. Reading that optional local file is reasonable for persistence, but the skill's declared config paths are empty — a mild documentation/instruction mismatch to be aware of. The instructions do not ask the agent to fetch data from unknown remote endpoints or to access unrelated system paths or credentials.
Install Mechanism
There is no install spec and no code to execute — this is instruction-only, which minimizes disk/network risk. README gives a generic git clone example but no concrete external URLs or binary downloads are invoked by the skill itself.
Credentials
The skill requests no environment variables, credentials, or privileged config paths. Companion skills are only optional and not required. No unexpected secret/exfiltration mechanisms are present in the package contents.
Persistence & Privilege
The skill supports optional local context persistence via .claude/xianyu-context.md (it will read this if present). The registry flag always:false is set (so it is not forced into every session), but the SKILL.md language ('Always use this skill — not general advice — when the context is Xianyu') rhetorically pushes for proactive use; this is a policy/documentation mismatch rather than a technical privilege escalation. No other skills/configurations are modified.
Assessment
This is an instruction-only, evidence-graded playbook for selling services on Xianyu and is internally consistent with what it claims to do. Before installing: (1) confirm you are comfortable with the skill reading an optional local file named .claude/xianyu-context.md — do not store passwords, tokens, or other secrets in that file; (2) understand the skill is advisory and produces copy meant to be pasted directly into Xianyu — you remain responsible for compliance with platform rules (do not include off-platform contact info, guaranteed claims, or copyrighted materials); (3) companion skills are optional — only install them if you trust those additional packages; (4) there are minor doc inconsistencies (the SKILL.md urges always using the skill while registry flag is not set, and the SKILL.md references a local context file that is not declared as a required config path) but these are not security-critical. If you want higher assurance, ask the author for: explicit list of files the skill will read/write, and confirmation that the context file will never be used to store or transmit secrets.Like a lobster shell, security has layers — review code before you run it.
latestvk970t4yaenyc0xt1w2mycpq799837e7x
License
MIT-0
Free to use, modify, and redistribute. No attribution required.