ziniao-sso-doc
v1.0.0Use when 需要理解紫鸟单点登录 OpenAPI 的定位、能力、集成流程或接口清单, 用于 ERP 系统 SSO 对接规划、集成设计或接口评估。 不要用于直接查阅具体接口参数——查阅时读取 reference/ 下对应文件。
⭐ 0· 109·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description claim to explain Ziniao SSO OpenAPI integration for ERP SSO; the included SKILL.md + reference files are API docs (endpoints, base URL, headers, schema URL) and nothing outside that domain. No unrelated binaries, env vars, or install steps are requested.
Instruction Scope
The runtime instructions are documentation-only and explicitly limit when to load Level 2 files. They document use of the superbrowser:// custom URL to launch a local client (SuperBrowser.exe) and parameters like autoopen, debugPort, notPromptForDownload and forceDownloadPath. That is expected for SSO integration docs, but those schema URLs can trigger local actions (open/close/exit) and change download behavior if misused — so be careful when constructing or clicking superbrowser:// links or when exposing tokens.
Install Mechanism
No install spec and no code files to run; this is instruction-only so nothing will be downloaded or written to disk by the skill itself.
Credentials
The skill does not request environment variables, credentials, or config paths. The documented API requires an API Key in normal use, which is appropriate to the purpose; the skill itself does not ask for or store secrets.
Persistence & Privilege
always is false, no persistence or modification of other skills/configs is requested. As an instruction-only skill it does not request elevated presence or system-wide changes.
Assessment
This skill is an offline documentation bundle for Ziniao's SSO OpenAPI and appears internally consistent. Before using it: (1) treat your API Key/openapiToken as sensitive — do not paste them into chat or into untrusted skills; (2) verify the docs against the vendor's official documentation when possible since the skill's source/homepage is unknown; (3) be cautious with superbrowser:// links — clicking such a link or running SuperBrowser.exe with crafted parameters can launch local client actions (open accounts, exit the client, and allow automatic downloads or set download paths); and (4) if you plan to call the APIs, perform calls from trusted code with proper credential storage and IP whitelist configuration as the docs advise.Like a lobster shell, security has layers — review code before you run it.
latestvk97b2paky8g71t9q0s5dqb81cd83nb9p
License
MIT-0
Free to use, modify, and redistribute. No attribution required.