China company search wendaoyun
v1.1.21问道云企业信息查询工具,支持通过问道云 API 查询企业基本信息、经营信息、财务信息、舆情信息、企业各类风险指标等功能,当用户需要查询企业相关信息时触发。
⭐ 0· 207·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
The SKILL.md describes a WenDaoYun company-info connector and the instructions require a single API key and call the documented WenDaoYun API endpoints — these requirements are appropriate for the stated purpose. However, the top-level registry metadata provided to you earlier said "Required env vars: none" while registry.json and SKILL.md both expect WENDAOYUN_API_KEY; that metadata mismatch is inconsistent and should be corrected/clarified.
Instruction Scope
The runtime instructions only describe searching and fetching company data from the WenDaoYun API, require explicit user confirmation before querying details, and instruct setting WENDAOYUN_API_KEY. They do not ask the agent to read unrelated files, system secrets, or send data to external endpoints other than the documented API base URL.
Install Mechanism
There is no install spec and no code files; this is instruction-only so nothing is written to disk or downloaded during install, which is the lowest-risk install model.
Credentials
The skill asks for a single service API key (WENDAOYUN_API_KEY), which is proportionate for a connector to an external API. The only concern is the inconsistent declaration across metadata (some places claimed no env vars while registry.json and SKILL.md require the key). No other unrelated credentials or secrets are requested.
Persistence & Privilege
The skill does not request always:true and does not request system-level persistence. It is user-invocable and allows normal autonomous invocation (platform default). There is no instruction to modify other skills or system-wide settings.
Assessment
This skill appears to be a straightforward WenDaoYun API client and requires only the service API key (WENDAOYUN_API_KEY). Before installing: 1) Verify you trust the skill author (source/homepage is missing). 2) Confirm the API base URL and endpoints (https://h5.wintaocloud.com/prod-api/api/invoke) against WenDaoYun/Wintaocloud official docs. 3) Only provide an API key scoped for this service (avoid re-using broader credentials). 4) Note the daily quota (200 calls) and that the skill will send queries to the remote API using your key. 5) Ask the publisher to fix the metadata inconsistency (registry.json and SKILL.md require WENDAOYUN_API_KEY but earlier metadata claimed no env vars) before trusting automated use. If the key is ever exposed, revoke/rotate it immediately.Like a lobster shell, security has layers — review code before you run it.
latestvk97e7t3wxb29bghwkme9a6zp4d8534wy
License
MIT-0
Free to use, modify, and redistribute. No attribution required.