App核心指标问答
v1.1.0友盟 App 核心指标问答入口 skill。当用户询问 App 的 DAU、日活、新增用户、启动次数、使用时长等核心运营指标时使用。触发词:DAU、日活、新增用户、活跃用户、启动次数、使用时长、核心指标、昨天数据、过去7天、上周、最近30天。
⭐ 1· 63·0 current·0 all-time
byUmeng+@squall0925
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (App core metrics Q&A) align with the bundled files: a Python 'scripts/core_index.py' entry and an Umeng OpenAPI SDK (many aop/api/... request classes). The files and CLI parameters map directly to fetching DAU, new users, launches, duration, etc., from Umeng's gateway (gateway.open.umeng.com).
Instruction Scope
SKILL.md limits runtime behavior: ask for app name, map user query to --metric/--range, run scripts/core_index.py, and summarize results in natural language. It explicitly documents config locations (--config, UMENG_CONFIG_PATH, or current-directory umeng-config.json). The instructions do cause the agent to read a local config file and make network requests to Umeng's API — which is expected for this purpose and is spelled out; there are no instructions to read unrelated system files or exfiltrate data elsewhere.
Install Mechanism
No install spec; this is instruction-plus-code delivered with the skill (no external downloads, no brew/npm installs). The code is included in the bundle, so nothing is pulled from arbitrary URLs at install time.
Credentials
The skill does not declare required environment variables but requires a local Umeng config file (umeng-config.json) or UMENG_CONFIG_PATH pointing to it. That file will contain Umeng API credentials (appkey/secret or access tokens) necessary to query metrics. Requesting those credentials is proportionate to the stated purpose, but users must recognize they will provide secrets via a local config file rather than declared env vars.
Persistence & Privilege
always:false and no requests to modify other skills or system-wide settings. The skill runs a Python script on invocation (normal). No elevated or persistent platform privileges are requested by the skill metadata.
Assessment
This skill appears to do what it says: it includes an Umeng OpenAPI Python SDK and a script that queries Umeng for DAU, new users, launches, duration, etc. Before installing/providing credentials: 1) Understand you must supply Umeng API credentials via umeng-config.json or UMENG_CONFIG_PATH — keep that file private and stored securely. 2) The skill will make network requests to gateway.open.umeng.com; verify you're comfortable with those queries and that the app keys you provide are scoped appropriately. 3) Source is unknown and there's no homepage—if you need stronger assurance, inspect scripts/core_index.py (and any logging) to confirm it only calls expected Umeng endpoints and doesn't log or transmit your config to other endpoints. 4) Ensure a Python runtime is available where the skill runs. If you cannot or do not want to provide Umeng credentials, do not enable the skill.Like a lobster shell, security has layers — review code before you run it.
latestvk977bvgg1etj31fejt4psvcj3x84wxjn
License
MIT-0
Free to use, modify, and redistribute. No attribution required.