POI 详情页问题排查编排器
v0.1.0POI 详情页问题排查编排器。自动执行 6 步排查流程:查代码 (sourceId)→查日志→复现请求→解析返回→阅读代码→定位问题。当用户提供 gsid/traceId 排查 POI 详情页问题时触发。触发词:POI 排查、poi 问题、详情页异常、gsid 排查、traceId 分析、poi 调试、conte...
⭐ 0· 64·0 current·0 all-time
by@hnyyghk
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the observed behavior: the SKILL.md and scripts search code, query Loghouse, re-issue HTTP requests (curl), parse JSON and read code — all of which are necessary for a POI detail-page troubleshooting orchestrator.
Instruction Scope
Instructions (and scripts) instruct the agent to call aone-kit tools (code::*, loghouse-mcp::query_log), curl internal hosts, run Python parsing, and save results to /tmp. This is within scope, but it will retrieve potentially sensitive logs, traces, and HTTP responses — the user should expect that those artifacts are read and stored locally.
Install Mechanism
No install spec; this is instruction-only with an included shell script. No downloads or external install URLs are present, so there is no extra install-time risk.
Credentials
The skill declares no environment variables but requires Loghouse and Code MCP access and internal network access (VPN/office network). Those permissions are proportional to the functionality, but they are sensitive — the skill will use your aone-kit credentials/permissions to read logs and code if invoked.
Persistence & Privilege
always:false and no modifications to other skills are present. The script persists results to /tmp/poi-debug-results/, which is normal for a diagnostic tool and does not indicate elevated privileges.
Assessment
This skill appears coherent and implements the advertised 6‑step POI troubleshooting flow, but it will: 1) call aone-kit tools to read code and logs (requires Loghouse/Code MCP authorization), 2) perform HTTP requests to internal hosts (gray-us-business/amap internal domains), and 3) save parsed results under /tmp. Only install/run it in a trusted, internal environment with appropriate permissions. Verify that the agent and account used have minimal necessary access, inspect saved /tmp/poi-debug-results files for sensitive data, and review the hardcoded values (e.g., emp_id and default repo/app names) if you need to limit scope. If you need more assurance, request evidence of what exact log fields and file paths it will access or run the script manually under a controlled account first.Like a lobster shell, security has layers — review code before you run it.
latestvk974qkc6dc127eqc36zbvkxw6n841843
License
MIT-0
Free to use, modify, and redistribute. No attribution required.