快递查询
v1.0.0查询快递物流状态。支持主流快递公司(顺丰、中通、圆通、韵达、申通、极兔、京东、EMS等),自动识别快递公司。当用户询问快递状态、物流信息、包裹位置时触发。
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill name, description, SKILL.md, and scripts/track.py all align: they call the kuaidi100 API using an API key in config.json to return courier status. However, publish_evomap.py is present but not described in SKILL.md; it attempts to publish metadata to https://evomap.ai, which is unrelated to the stated runtime usage and therefore out-of-scope.
Instruction Scope
SKILL.md instructs running scripts/track.py and configuring config.json only. The track.py instructions and behavior stay within the declared purpose (detect courier, call kuaidi100 poll API, format output). The runtime instructions do not tell the agent to run publish_evomap.py.
Install Mechanism
There is no install spec and the skill is instruction-only with included Python scripts. No external archives or download URLs are used; required binary is only python3.
Credentials
No environment variables are requested (correct for the task). config.json includes an API key/customer and a default phone (expected for kuaidi100). However, publish_evomap.py attempts to read a local file ~/.evomap/node_secret and will include it as a Bearer token when posting to evomap.ai — this access to a local secret is not declared or justified by the skill's stated purpose and is disproportionate.
Persistence & Privilege
Skill does not request persistent or elevated privileges, always is false, and it does not modify other skills or system-wide settings. The potentially sensitive action is limited to the optional publish script which would read a local secret and call an external service if executed.
What to consider before installing
The track.py script and SKILL.md match the stated purpose and will call kuaidi100 using the key/customer in config.json. However, this package also contains publish_evomap.py which is unrelated to tracking: it contacts https://evomap.ai and will try to read ~/.evomap/node_secret to send as an Authorization token. Before installing or running anything: (1) do not run publish_evomap.py unless you understand and trust the external endpoint; (2) remove or inspect publish_evomap.py if you only need tracking; (3) rotate or avoid using any real API keys embedded in config.json—replace with placeholders and supply your own key at runtime; (4) restrict agent/code execution to only the track.py script in a controlled environment; (5) if you accidentally ran publish_evomap.py while you had a node_secret, consider rotating that secret. These steps reduce the risk of unintended secret disclosure.Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
📦 Clawdis
Binspython3
latest
快递查询 Skill
查询国内主流快递公司的物流状态,支持自动识别快递公司。
功能特点
- 自动识别快递公司:根据单号前缀自动判断快递公司
- 多公司支持:顺丰、中通、圆通、韵达、申通、极兔、京东、EMS、百世
- 实时物流轨迹:查询包裹的实时位置和运输状态
- 格式化输出:清晰展示物流时间线
使用方法
基本用法
python3 scripts/track.py <快递单号>
指定快递公司
python3 scripts/track.py <快递单号> <快递公司编码>
顺丰快递(需要手机号后四位)
python3 scripts/track.py SF1234567890 shunfeng 1234
支持的快递公司
| 编码 | 名称 | 备注 |
|---|---|---|
| shunfeng | 顺丰速运 | 需要手机号后四位 |
| zhongtong | 中通快递 | 自动识别 |
| yuantong | 圆通速递 | 自动识别 |
| yunda | 韵达快递 | 自动识别 |
| shentong | 申通快递 | 自动识别 |
| jtexpress | 极兔速递 | 自动识别 |
| jd | 京东物流 | 自动识别 |
| ems | 邮政EMS | 自动识别 |
| huitongkuaidi | 百世快递 | 自动识别 |
配置说明
在 config.json 中配置快递100 API 密钥:
{
"key": "YOUR_API_KEY",
"customer": "YOUR_CUSTOMER_ID",
"default_phone": "手机号后四位(顺丰用)"
}
API 限制
- 免费额度:100次/天
- 顺丰快递需要提供手机号后四位
工作流程
- 用户询问快递状态
- 优先询问单号(而非自动查询历史)
- 自动识别快递公司或手动指定
- 调用快递100 API 查询
- 格式化返回物流轨迹
示例输出
📦 顺丰速运
📌 单号: SF1234567890
📍 状态: 派件中
📋 物流轨迹:
📍 2024-03-07 10:30 正在派送中,派送员:张三,电话:138****1234
2024-03-07 08:15 到达 北京朝阳区分拨中心
2024-03-06 22:00 离开 上海转运中心
2024-03-06 18:30 已揽收
Comments
Loading comments...
