ClawHub

崩溃与性能数据查询

v1.1.0

友盟 APM 数据查询 Skill。当用户询问应用崩溃、ANR、启动性能、网络性能、页面性能等稳定性与性能指标时使用。触发词:崩溃、崩溃率、ANR、启动耐时、启动性能、网络性能、页面性能、APM、稳定性、卡顿。

0· 62·0 current·0 all-time
byUmeng+@squall0925
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Umeng APM queries) match the implementation: the script calls the Umeng APM SDK, looks up apps from a local umeng-config.json, and implements the documented query types.
Instruction Scope
SKILL.md only instructs collecting app name, query parameters, and running scripts/apm.py; the script reads configuration from umeng-config.json (or a path set via UMENG_CONFIG_PATH/--config) which is appropriate for the stated purpose. It does not request unrelated files or external endpoints beyond the Umeng APM endpoint and PyPI for dependencies.
Install Mechanism
There is no platform install spec, but the script auto-installs dependencies via pip (alibabacloud_umeng_apm20220214 and alibabacloud-tea). This is a moderate-risk pattern because it executes pip at runtime (network downloads from PyPI) and may modify the Python environment. The script also forcibly uninstalls any conflicting third-party small-case 'tea' package to fix module-name collisions, which can be disruptive.
Credentials
No cloud credentials or unrelated secrets are requested via environment variables. The script expects API credentials (apiKey/apiSecurity) to be provided in a local umeng-config.json (or specified path), which is proportional to querying the Umeng APM API.
Persistence & Privilege
The skill is not always-enabled and does not modify other skills or global agent settings. It does write to disk indirectly by installing Python packages into the environment, but it does not request persistent privileges beyond normal runtime behavior.
Assessment
This skill appears to do what it claims (query Umeng APM) and reads API keys from a local umeng-config.json. Before installing/using it: (1) review the umeng-config.json contents and ensure you are comfortable storing apiKey/apiSecurity there; (2) run the tool inside an isolated Python environment (virtualenv/container) because the script runs pip to install packages and may uninstall a conflicting 'tea' package which can affect other Python packages; (3) if you cannot allow runtime pip modifications, pre-install alibabacloud_umeng_apm20220214 and alibabacloud-tea manually and avoid running the automatic repair; (4) inspect the full script if you need higher assurance — network calls go to apm.openapi.umeng.com and PyPI only.

Like a lobster shell, security has layers — review code before you run it.

latestvk979jwvt48fmkcm1xy90y85vp184xs13

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments