Qianfan Usage
v1.0.2Query Baidu Qianfan Coding Plan usage and quota with automatic login or open the control console via commands.
⭐ 0· 365·0 current·0 all-time
bywoods@wsjwoods
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (query Qianfan usage and open console) align with the included Python scripts: they use saved cookies, call the Baidu Qianfan API endpoint, and implement an automated login flow via agent-browser. Required functionality (phone for SMS login, cookie storage) is consistent with the stated purpose.
Instruction Scope
SKILL.md and the scripts instruct the agent to read QIANFAN_PHONE (from env or prompt), open pages with agent-browser, capture snapshots, fill inputs, and save cookie state to ~/.baidu-qianfan-auth.json. Those actions are within scope for an auto-login/usage checker. Note: SKILL.md suggests putting QIANFAN_PHONE in ~/.openclaw/workspace/.env while code reads os.environ; the meta.json also marks QIANFAN_PHONE required — minor mismatch between documentation and code/registry metadata. The scripts only reference the user's home cookie file and the Baidu console API; they do not access other system paths or unrelated credentials.
Install Mechanism
There is no install spec in the registry entry (instruction-only), which is low-risk. However the documentation and _meta.json list agent-browser as a dependency and SKILL.md says 'agent-browser (auto install)'. Because no install mechanism is provided, agent-browser must already exist on the environment or be installed manually; this is an inconsistency in packaging/documentation but not an active risk in itself.
Credentials
The only sensitive input required is a phone number for SMS-based login (QIANFAN_PHONE) and the scripts save/read a cookie file in the user's home. There are no requests for unrelated secrets (AWS keys, tokens, etc.). Storing and using cookies for authenticated requests is expected for this purpose. The registry-level 'Requirements' reported as 'none' (top summary) conflicts with _meta.json and SKILL.md which require QIANFAN_PHONE; this is a documentation/metadata mismatch to be aware of.
Persistence & Privilege
The skill does save login state to ~/.baidu-qianfan-auth.json, which is normal for a login helper. It does not request always:true and does not modify other skills or system-wide agent settings. Autonomous invocation (disable-model-invocation=false) is the platform default; it is not flagged by itself.
Assessment
This skill appears to implement what it claims (query Qianfan usage and auto-login) and uses only the Baidu console API and a cookie file in your home directory. Before installing: (1) Confirm you are comfortable storing Baidu session cookies at ~/.baidu-qianfan-auth.json and that the cookie file has appropriate filesystem permissions. (2) Ensure agent-browser is installed from a trusted source (the scripts call it extensively); the package is listed as a dependency but the registry entry has no install step. (3) Note the minor metadata mismatches: registry "Requirements" shows none while _meta.json and SKILL.md require QIANFAN_PHONE — set the env var if you want non-interactive login. (4) Review the included scripts (they are plain Python) if you need higher assurance, or run them in a restricted environment/VM. If you do not want the skill to store session cookies or to automate a login flow, do not install or run it.Like a lobster shell, security has layers — review code before you run it.
latestvk97873hz7farn2e4n41wzb4sz982rnee
License
MIT-0
Free to use, modify, and redistribute. No attribution required.