Kingdee Cloud Galaxy (金蝶云星空) Secondary Development

Review

Audited by ClawScan on May 8, 2026.

Overview

This is an instruction-only Kingdee ERP development guide with no runnable installer or code, but it includes admin, database, and API credential examples that should be followed carefully.

This skill appears suitable as a Kingdee development reference. Before following generated deployment, SQL, WebAPI, or admin guidance, verify it against official Kingdee documentation, use a test environment first, maintain backups, avoid default administrator passwords, and keep production credentials out of chat unless absolutely necessary.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If copied into production without review, these examples could interrupt service or affect business data.

Why it was flagged

The skill documents operational steps and SQL commands that can restart services, install packages, or overwrite/restore ERP databases. These are expected for deployment operations but are high-impact if run in the wrong environment.

Skill content

Log in to the Management Center in the target environment...run the installation...restart IIS; RESTORE DATABASE ... WITH ... REPLACE

Recommendation

Use these commands only with explicit user approval, in the correct environment, after backups, and preferably after testing in a non-production system.

What this means

Exposed app secrets or tokens could allow unauthorized API calls or account access.

Why it was flagged

The integration guidance involves OAuth client secrets and login tokens. This is purpose-aligned for Kingdee OpenAPI/SSO work, but those credentials are sensitive and can grant account or system access.

Skill content

"app_secret": "your_app_secret" ... "https://your-cosmic-domain/login.html?redirect_uri=https://third-party.com/callback&token=YOUR_TOKEN"

Recommendation

Use least-privilege API credentials, avoid pasting production secrets into chat, do not log tokenized URLs, rotate exposed secrets, and prefer secure OAuth flows documented by the vendor.