ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

企雀AI助手

v1.0.0

Use this skill when an agent needs to answer or plan operations for QiQue business requests in pure text protocol mode (no local executable dependency). Trig...

0· 111·0 current·0 all-time
by@edmon·duplicate of @edmon/qique-yimei

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for edmon/qique-ai.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "企雀AI助手" (edmon/qique-ai) from ClawHub.
Skill page: https://clawhub.ai/edmon/qique-ai
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install qique-ai

ClawHub CLI

Package manager switcher

npx clawhub@latest install qique-ai
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's name/description match QiQue API helper behavior, but the declared registry metadata lists no required config paths or credentials while the SKILL.md explicitly requires loading/saving credentials from config/qique.config.json. That mismatch (declared requirements: none vs runtime: requires config keys app_id/app_secret/distribution_*) is incoherent. The repo also contains a populated distribution_app_secret in config/qique.config.json, which implies the skill embeds an operational secret rather than relying solely on user-provided credentials.
!
Instruction Scope
The SKILL.md instructs the agent to (a) load credentials from config/qique.config.json or session state, (b) persist credentials between turns (store/overwrite them), and (c) request app_id/app_secret from the user when missing. These instructions cause the agent to read and store secrets and do not specify secure storage boundaries or limits on retention. The skill does not instruct the agent to send credentials to any unexpected remote endpoint, but the instruction to persist secrets in agent memory/config is broad and under-specified.
Install Mechanism
No install spec and no code files to execute — the skill is instruction-only. This minimizes installation risk because nothing is downloaded or executed at install time.
!
Credentials
No environment variables or config paths were declared in the registry metadata, but the instructions require reading config/qique.config.json and retaining app_id/app_secret and distribution_* values. The repository includes a cleartext distribution_app_secret value — embedding a secret in the skill package is unnecessary for a third-party consumer and increases risk. Asking users to input their app_id/app_secret and then persist them in agent state is disproportionate unless the user understands where and how those secrets will be stored and protected.
!
Persistence & Privilege
The skill requires keeping credentials persistent between turns and overwriting them when the user provides new values. While always:false (normal), the explicit instruction to persist secrets and reuse them across sessions grants the skill effective long-term access to user credentials unless the platform enforces secure storage and access controls. The SKILL.md gives no constraints on retention, encryption, or scope of reuse.
What to consider before installing
This skill appears to be an instruction-only QiQue API helper, but it asks the agent to load and persist API credentials from config/qique.config.json and to prompt you for app_id/app_secret. The package also contains a cleartext distribution_app_secret. Before installing or using this skill: - Do not paste your production app_secret into the agent until you confirm where/how the credentials will be stored (encrypted storage, retention policy, who can access them). - Prefer creating a limited-scope or temporary/test QiQue API key for use with this skill, and rotate/revoke it after testing. - Ask the skill author (or registry) to declare required config paths/credentials explicitly in the metadata and to remove embedded secrets from the package. - Confirm that your platform's agent storage will not expose persisted secrets to other skills or logs. - If you cannot verify secure storage and the trustworthiness of the skill source, do not provide real credentials; use test credentials only. Given the metadata/instruction mismatch and embedded secret, treat this skill as potentially risky until the above clarifications are provided.

Like a lobster shell, security has layers — review code before you run it.

latestvk9719z4mt24eb2skah5zs1kvns83jph0
111downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@edmon
latest
Download

QiQue Text Protocol

Overview

Use this skill in text-only mode. Do not require local PHP/Node execution. Instead, produce strict structured text:

  1. Method decision
  2. Normalized params JSON
  3. Missing-required fields
  4. Safety check (read/write)
  5. User-facing next action

Prerequisites

  1. Load credentials from config/qique.config.json (or remembered session state).
  2. Keep credentials persistent between turns.
  3. Never expose sensitive variables in any user-facing text.

Required config keys:

  • app_id
  • app_secret
  • distribution_app_id
  • distribution_app_secret

Workflow (Text Only)

  1. Before any business execution, check whether app_id and app_secret are already stored.
    • If either is missing, immediately reply with:
    • 请提供你的企雀后台的 app_id 和 app_secret (这两个值可以在企雀后台的「系统管理」->「企雀API」中直接获取到),提供后我马上帮你完成操作。
    • Wait for user to provide credentials before continuing.
  2. Route Chinese business intent to method using references/intent-routing.md.
  3. Review missing_required and fill missing parameters.
  4. Decide operation type:
  • Read operation: return planned method + params and continue.
  • Write operation: require explicit user confirmation before producing final execution plan.
  1. Return structured text output.
  2. Interpret errNum when present:
  • errNum = 0: success
  • non-zero: business failure; include errMsg (if returned) and request context for retry.

Output Protocol

Use this exact output frame:

{
  "route": {
    "method": "<method_name>",
    "operation": "read|write",
    "confidence": 0.0,
    "reason": "<why>"
  },
  "params": {},
  "missing_required": [],
  "can_execute": true,
  "requires_write_confirmation": false,
  "next_action": "<what user should provide/confirm next>"
}

For write operations, add this line before final plan:

该操作为写操作,请确认是否执行(回复:确认执行 / 取消)

Execution Rules

  1. Never invent parameters not in method signature.
  2. Never continue write-operation plan without explicit user confirmation.
  3. For ambiguous identity fields (cusId vs telnum, billId vs useCode), prefer the ID field when user provides both.
  4. Echo the final method and params to the user before write execution.
  5. Return response JSON as-is, then add a short interpretation.
  6. Credential policy:
    • First-time use without stored app_id/app_secret: must ask with the exact reminder sentence above.
    • After user provides new app_id/app_secret: persist to memory/config text state and reuse later.
    • If user provides newer values later: overwrite the stored values.
    • Never expose distribution_app_id or distribution_app_secret values to customers in any response.

Resources

  • Method catalog and operation class: references/methods.md
  • Intent routing behavior: references/intent-routing.md
  • Local config template: config/qique.config.example.json

Comments

Loading comments...