Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

DataEase

v1.1.0

Query DataEase organizations, switch organizations, and list dashboards or data screens through natural language, and export a specified resource as a screenshot or PDF.


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for xuwei-fit2cloud/dataease.

Prompt preview (Install & Setup):
Install the skill "DataEase" (xuwei-fit2cloud/dataease) from ClawHub.
Skill page: https://clawhub.ai/xuwei-fit2cloud/dataease
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install dataease

ClawHub CLI


npx clawhub@latest install dataease

Security Scan

VirusTotal: Benign

OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description (export DataEase dashboards) aligns with the included Python and Node scripts which call DataEase APIs and drive a headless browser. However the registry metadata declares no required environment variables or binaries while SKILL.md and the code clearly expect multiple environment variables (DATAEASE_BASE_URL, DATAEASE_ACCESS_KEY, DATAEASE_SECRET_KEY, DATAEASE_USERNAME, DATAEASE_PASSWORD, DATAEASE_LOGIN_ORIGIN) and external tools (openssl, Python3, Node/Playwright, Chromium). The omission in the manifest is an incoherence that could mislead users or automated installers.
Instruction Scope
SKILL.md instructions are scoped to listing orgs, switching orgs, listing resources, and exporting via a local browser preview; they instruct reading environment variables and .env, building tokens, calling DataEase endpoints, and running local browser capture scripts. The capture script's diagnostics collect page body/app HTML snippets and visible text (used for debugging) which could surface sensitive data from the preview page; while useful for diagnosing render issues, that behavior should be noted as it reads page content beyond just capturing an image/PDF.
Install Mechanism
There is no formal install specification in the registry despite a package.json and README that require npm install, Playwright installation, and Python dependencies. The code relies on native openssl via subprocess and on Playwright/Chromium for headless capture; absence of an install step means an agent or user might run the skill in an environment lacking these components, causing failures or prompting ad-hoc installation actions. Missing install metadata is both a usability and a security concern (unexpected binary usage).
Credentials
The skill needs sensitive configuration (access keys or username/password and base URL) which are proportionate to interacting with DataEase, but the skill manifest did not declare any required environment variables. The code will automatically read a .env in the repository root and will accept either credential method (accessKey+secretKey or username+password) and can consume an existing x-de-token. That the manifest omits these expectations is a coherence problem; users should treat provided secrets as high-value and avoid embedding them in chat messages.
Persistence & Privilege
The skill does not request 'always: true' and does not claim to modify other skills or global agent settings. It writes outputs (saved files) and may create temporary files, which is expected for an export tool. Autonomous invocation is allowed (platform default), so be cautious about giving it live credentials if you plan to let agents call it without supervision.
What to consider before installing
This skill appears to implement what it claims, but there are notable mismatches and runtime behaviors you should consider before installing or letting an agent invoke it autonomously:

- Credentials and .env: The code expects DATAEASE_BASE_URL and either (DATAEASE_ACCESS_KEY + DATAEASE_SECRET_KEY) or (DATAEASE_USERNAME + DATAEASE_PASSWORD) and may read a .env in the repo root. The registry metadata did not declare these — do not paste credentials into chat. Provide credentials only via environment variables or ephemeral tokens and prefer least-privilege tokens.
- Binaries and dependencies: The skill requires Python3, Node.js, Playwright (chromium), and the system openssl binary. There is no install spec, so you must run the README steps (npm install, npx playwright install chromium) manually in a safe environment. If you cannot or do not want to install these, do not enable the skill.
- Data captured: The browser capture collects slices of page text and HTML for diagnostics (bodyText, appHtml) and injects tokens into localStorage to authenticate the preview page. These behaviors are necessary for rendering/export but may expose sensitive content from the preview page — run the skill only in a controlled environment.
- Safest approach: Review the scripts yourself (they are included), run them manually in an isolated environment with ephemeral or scoped credentials, and confirm expected behavior before allowing the agent to invoke the skill autonomously. Request that the skill publisher update the manifest to declare required env vars and required binaries/install steps before trusting automated installation.


latest: vk97cwz0cnz57wtcaqhrv3x2xt183xd9a
137 downloads
1 star
2 versions
Updated 4w ago
v1.1.0
License: MIT-0

Goal

Based on the user's natural-language request, call DataEase interfaces to do the following:

  • Query the organization list
  • Switch organization
  • Query the list of dashboards or data screens under a specified organization
  • Export a screenshot or PDF of a specified dashboard or data screen

Input

Users may express their needs like this:

  • Query the currently available organizations
  • Switch to the 华东 (East China) organization
  • Show which dashboards this organization has
  • List the data screens of the 华东 organization
  • Export the “销售总览” (Sales Overview) dashboard
  • Take a screenshot of the “门店运营监控” (Store Operations Monitoring) data screen
  • Export 华东经营分析 (East China Business Analysis) as pdf
  • Screenshot 销售总览 at 1920*1080 resolution, wait 5 seconds, then export

User input may contain:

  • Organization ID
  • Organization name
  • Resource name
  • Business type: dashboard or dataV
  • Output format: jpeg or pdf
  • Resolution, e.g. 1920*1080
  • Extra wait time

Output

The output should include:

  1. The actions actually performed
  2. The matched organization or resource
  3. The ID of the matched resource
  4. The export parameters actually used
  5. The generated file itself; if the runtime cannot attach files directly, at least return the absolute save path
  6. If no exact match is possible, explain why and return the candidates

Execution rules

Organization-related

  • Call the organization tree interface only when the user explicitly asks to "query organizations"
  • Call the switch-organization interface only when the user explicitly asks to "switch organization" or has already named the target organization
  • If the user only says "query the resources under some organization", first confirm whether an orgId has been given
  • If only an organization name is given and no single organization matches, do not guess; return the candidate organizations

Resource-related

  • If the user explicitly mentions "大屏" (data screen), "数据大屏" (data screen) or "驾驶舱" (cockpit), use dataV
  • Otherwise default to dashboard
  • When querying resources, list leaf nodes first
  • If the user just wants to "see what resources there are", return the resource list
  • If the user asks to "export" or "view" a resource, match the resource first, then run the local preview-page screenshot flow
  • When several similar candidates exist, do not guess; return the candidate list and explain the ambiguity

Export defaults

  • busiType=dashboard
  • pixel=1920*1080
  • extWaitTime=0
  • resultFormat=0, meaning JPEG
  • If the user explicitly asks for PDF, use resultFormat=1

Name matching rules

Before matching an organization name or resource name, normalize it:

  • Strip leading and trailing whitespace
  • Convert English letters to lowercase
  • Ignore differences between Chinese and English quotation marks
  • Ignore common punctuation differences
  • Resources match leaf nodes first
  • If an alias mapping exists, convert through the alias mapping first, then match
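The normalization and leaf-first rules above, together with the resource rule that ambiguous names return candidates instead of a guess, as an added Python example that is not the skill's own scripts/capture_dashboard.py code. The resource tree and alias map are constructed sample data standing in for the DataEase resource tree and references/resource_aliases.json, and the 0.5 close-match cutoff is an assumption.

```python
import difflib
import unicodedata

# Constructed sample resource tree (not the skill's data): folders hold children, leaves are exportable.
SAMPLE_TREE = [
    {"id": "1", "name": "销售", "children": [
        {"id": "11", "name": "销售总览", "children": []},
        {"id": "12", "name": "“销售总览” 月报", "children": []},
    ]},
    {"id": "2", "name": "Store Ops", "children": [
        {"id": "21", "name": "门店运营监控", "children": []},
    ]},
]
# Constructed alias map standing in for references/resource_aliases.json.
SAMPLE_ALIASES = {"销售看板": "销售总览"}

_QUOTES = str.maketrans({"“": '"', "”": '"', "‘": "'", "’": "'"})
_PUNCT = set("\"'`-_,.:;!?()[]{}，。：；！？（）【】《》、")


def normalize(name):
    """Trim, lowercase, unify Chinese/English quotes, drop whitespace and common punctuation."""
    s = unicodedata.normalize("NFKC", name).strip().lower().translate(_QUOTES)
    return "".join(ch for ch in s if not ch.isspace() and ch not in _PUNCT)


def leaves(tree):
    """Yield leaf nodes only: folders are never export targets."""
    for node in tree:
        children = node.get("children") or []
        if children:
            yield from leaves(children)
        else:
            yield node


def match_resource(query, tree=SAMPLE_TREE, aliases=SAMPLE_ALIASES):
    """Resolve a user-given name to one leaf, or report ambiguity / nearest candidates rather than guess."""
    alias_map = {normalize(k): v for k, v in aliases.items()}
    target = normalize(alias_map.get(normalize(query), query))  # alias first, then match
    by_norm = {}
    for node in leaves(tree):
        by_norm.setdefault(normalize(node["name"]), []).append(node)
    exact = by_norm.get(target, [])
    # Substring hits are consulted only when nothing matches exactly; several hits stay ambiguous.
    pool = exact or [n for key, nodes in by_norm.items() if target and target in key for n in nodes]
    if len(pool) == 1:
        return {"status": "matched", "resource": pool[0]}
    if pool:
        return {"status": "ambiguous", "candidates": [n["name"] for n in pool]}
    close = difflib.get_close_matches(target, list(by_norm), n=3, cutoff=0.5)  # cutoff is an assumption
    return {"status": "not_found", "candidates": [n["name"] for k in close for n in by_norm[k]]}
```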

Authentication and security

  • Do not hard-code the access key, secret key or other sensitive credentials into the skill files
  • Do not require the user to include base_url, access key, secret key, username or password in the prompt
  • This skill reads its environment from the following configuration:
    • DATAEASE_BASE_URL
    • DATAEASE_ACCESS_KEY
    • DATAEASE_SECRET_KEY
    • DATAEASE_USERNAME
    • DATAEASE_PASSWORD
    • DATAEASE_LOGIN_ORIGIN
  • The script automatically reads .env in the repository root
  • If username and password are provided, the script first calls dekey/login/localLogin to obtain an x-de-token
  • If accessKey and secretKey are provided, the script automatically generates:
    • signature
    • x-de-ask-token
  • If the organization has been switched, subsequent resource queries or exports use the x-de-token returned by the switch-organization call
  • If the user has already supplied an x-de-token, the script can reuse it directly

Failure handling

  • If the organization tree call fails, state clearly that loading the organization list failed
  • If switching organization fails, return the HTTP status and response body
  • If the resource tree call fails, state clearly that loading the resource list failed
  • If no suitable resource is found, return the closest candidate names
  • If the local browser fails to start, the preview page fails to load, or the screenshot fails, return the error cause clearly
  • Declare the export successful only after the file has actually been written
  • After a successful export, saved_file must be returned

Files used

  • Use scripts/capture_dashboard.py for the API calls and saving files
  • Use scripts/browser_capture.mjs to open the preview page and take the local screenshot
  • See references/api.md for the interface descriptions and authentication integration
  • To maintain resource aliases, edit references/resource_aliases.json

Recommended commands

  • Query organizations:
    • python3 scripts/capture_dashboard.py list-orgs
  • Switch organization:
    • python3 scripts/capture_dashboard.py switch-org --org-id 1225813472202330112
  • Query the dashboards under a given organization:
    • python3 scripts/capture_dashboard.py list-resources --org-id 1225813472202330112 --busi-type dashboard
  • Query the data screens under a given organization:
    • python3 scripts/capture_dashboard.py list-resources --org-id 1225813472202330112 --busi-type dataV
  • Export a dashboard screenshot:
    • python3 scripts/capture_dashboard.py capture --org-id 1225813472202330112 --resource-name 销售总览 --busi-type dashboard
  • Export a data screen as PDF:
    • python3 scripts/capture_dashboard.py capture --org-id 1225813472202330112 --resource-name 门店运营监控 --busi-type dataV --result-format 1
