Qinglong Skills

v1.0.2

Manage QingLong (青龙) panel via REST API — cron jobs, environment variables, scripts, dependencies, subscriptions, logs and system operations. Use this skill...

⭐ 1· 148·1 current·1 all-time

by@nnnnzs

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for nnnnzs/qinglong-skills.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Qinglong Skills" (nnnnzs/qinglong-skills) from ClawHub.
Skill page: https://clawhub.ai/nnnnzs/qinglong-skills
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: QINGLONG_URL, QINGLONG_CLIENT_ID, QINGLONG_CLIENT_SECRET
Required binaries: curl, jq
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install qinglong-skills

ClawHub CLI

Package manager switcher

npx clawhub@latest install qinglong-skills

Security Scan

Capability signals

Requires OAuth tokenRequires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description match the requested resources and behavior. Required binaries (curl, jq), required env vars (QINGLONG_URL, QINGLONG_CLIENT_ID, QINGLONG_CLIENT_SECRET), included API reference and a CLI wrapper script (scripts/ql.sh) are all appropriate and expected for a QingLong panel management skill.

ℹ

Instruction Scope

SKILL.md limits runtime behavior to calling scripts/ql.sh against the user's QINGLONG_URL. The instructions instruct listing before changes and confirming destructive actions, which is appropriate. Note: the skill and script expose APIs that permit system-level operations (e.g., system command-run, auth reset), so callers should grant only the scopes they actually want the skill to exercise and confirm destructive/system actions before running them.

✓

Install Mechanism

No install spec; skill is instruction-only with a bundled shell script. No third-party downloads or archive extraction. This is low-risk from an installation perspective, though the included script will be stored and executed on the host.

✓

Credentials

Requested environment variables (panel URL, client id, client secret) are exactly what the QingLong Open API requires. The script also uses XDG_CACHE_HOME/HOME to store a token cache, which is expected. No unrelated credentials or extraneous env vars are requested.

ℹ

Persistence & Privilege

always: false (normal). The skill writes a token cache file under $XDG_CACHE_HOME or $HOME/.cache/qinglong and recommends placing credentials into openclaw.json (user-managed). Those are expected behaviors, but users should be aware that credentials and tokens will be stored on-disk and that the skill can call system-level QingLong endpoints if the configured app has those scopes.

Assessment

This skill appears to do exactly what it says: it calls your self-hosted QingLong panel using the panel URL and the client credentials you provide. Before installing or enabling it: 1) Only grant the minimum Open API scopes in QingLong (avoid full 'system' scope unless you need system-level actions). 2) Be aware that the script caches an auth token in $XDG_CACHE_HOME or $HOME/.cache/qinglong/token and that you must store the client secret somewhere (the README suggests openclaw.json); protect those files with appropriate filesystem permissions. 3) Review scripts/ql.sh locally (it’s included) so you’re comfortable with the exact API calls made. 4) If you will let an autonomous agent call skills, remember this skill can perform destructive/system operations on the panel (delete cron jobs, reset auth, run arbitrary commands) — require explicit confirmation before performing such actions. If any of those concerns are unacceptable, do not install or limit the app scopes/credentials you provide.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🐉 Clawdis

Binscurl, jq

EnvQINGLONG_URL, QINGLONG_CLIENT_ID, QINGLONG_CLIENT_SECRET

latestvk9799nh7yp4fnf719bytzqgce985f1q6

148downloads

1stars

3versions

Updated 3d ago

v1.0.2

MIT-0

QingLong Panel Skill

Control your QingLong (青龙) scheduled task panel via REST API using scripts/ql.sh.

📦 ClawHub: https://clawhub.ai/nnnnzs/qinglong-skills 📖 GitHub: https://github.com/NNNNzs/qinglong-skills

First time setup? See references/setup.md for installation and credential configuration.

Security note: This skill only communicates with the user's own self-hosted QingLong panel using credentials they provide. It does not access any external services or exfiltrate data.

How to approach user requests

When the user asks to manage their QingLong panel, follow this pattern:

List first, then act — before modifying anything, list the relevant resources so you know the IDs. For example, before disabling a cron job, run cron list to find its ID.
Batch when possible — most commands accept multiple IDs. If the user wants to disable all JD-related env vars, search first then pass all IDs in one call.
Confirm destructive actions — for delete operations, show the user what will be deleted before running the command.
Check logs on failure — if a cron job fails, use cron log <id> to fetch the latest log and surface the error.

Quick Reference

Cron Jobs

scripts/ql.sh cron list                                    # List all
scripts/ql.sh cron get <id>                                # Get detail
scripts/ql.sh cron create --command "task x.js" --schedule "0 0 * * *" --name "Task"
scripts/ql.sh cron update <id> --name "New Name"
scripts/ql.sh cron delete <id>                             # Delete (supports multiple IDs)
scripts/ql.sh cron run <id>                                # Run now
scripts/ql.sh cron stop <id>                               # Stop
scripts/ql.sh cron enable <id> / disable <id>              # Enable / Disable
scripts/ql.sh cron pin <id> / unpin <id>                   # Pin / Unpin
scripts/ql.sh cron log <id>                                # View latest log

Environment Variables

scripts/ql.sh env list                                     # List all
scripts/ql.sh env list "JD"                                # Search by keyword
scripts/ql.sh env create --name "KEY" --value "VALUE" --remarks "note"
scripts/ql.sh env update --id <id> --name "KEY" --value "NEW_VALUE"
scripts/ql.sh env delete <id>
scripts/ql.sh env enable <id> / disable <id>

Scripts

scripts/ql.sh script list                                  # List all
scripts/ql.sh script get --file "test.js"                  # View content
scripts/ql.sh script save --file "test.js" --content "console.log('hi')"
scripts/ql.sh script run --file "test.js"                  # Run
scripts/ql.sh script stop --file "test.js"                 # Stop
scripts/ql.sh script delete --file "test.js"               # Delete

Dependencies

scripts/ql.sh dep list                                     # List all
scripts/ql.sh dep install --name "axios" --type 0          # 0=node, 1=linux, 2=python3
scripts/ql.sh dep reinstall <id>
scripts/ql.sh dep delete <id>

Subscriptions

scripts/ql.sh sub list / run <id> / stop <id> / enable <id> / disable <id> / delete <id>

System

scripts/ql.sh system info                                  # System info
scripts/ql.sh system config                                # System config
scripts/ql.sh system check-update                          # Check updates
scripts/ql.sh system reload                                # Reload
scripts/ql.sh system command-run --command "task test.js"  # Run command
scripts/ql.sh system auth-reset --username admin --password newpass

Token Management

scripts/ql.sh token refresh                                # Force refresh
scripts/ql.sh token show                                   # Show cached
scripts/ql.sh token clear                                  # Clear cache

Troubleshooting

Symptom	Likely cause	Fix
`401 Unauthorized`	Wrong credentials	Verify `QINGLONG_CLIENT_ID` and `QINGLONG_CLIENT_SECRET`
`Connection refused`	Panel unreachable	Check `QINGLONG_URL` is accessible; try `curl $QINGLONG_URL`
`Scope error`	Missing API scope	In QingLong UI → Application → edit app → add the required scope
Token keeps expiring	Clock skew	The script auto-refreshes; if it loops, run `token clear` then retry
Command not found	Missing deps	Ensure `curl` and `jq` are installed: `which curl jq`

If a cron job fails silently, fetch its log: scripts/ql.sh cron log <id>

API Reference

Full API documentation: references/api.md

Resource	Base path
Cron Jobs	`/crons`
Envs	`/envs`
Scripts	`/scripts`
Dependencies	`/dependencies`
Subscriptions	`/subscriptions`
Logs	`/logs`
System	`/system`
Config Files	`/configs`

Comments

Loading comments...