微信支付商品券接入skill
v1.0.0微信支付商品券接入助手,提供券类型选型、API代码示例(Java/Go)、开发参数校验、接口报错排查和上线质量检查。Use when user mentions "商品券", "优惠券接入", "发券", "核销", "创建商品券", "商品券代码", "签名报错", "验签失败", "回调收不到", "Requ...
⭐ 1· 113·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the contents: the bundle contains integration guides, many Java/Go example implementations, troubleshooting manuals and CLI scripts to query coupon details — all coherent with a 'WeChat Pay 商品券接入助手'. No unrelated binaries, services, or unexpected credentials are requested.
Instruction Scope
SKILL.md defines clear, narrow runtime instructions (only lookup and present example code, require user confirmation before actions, forbid writing files). The included scripts send requests only to official WeChat Pay API hosts. Caution: examples and docs reference private key file paths and require pre-signed values; the skill relies on the user to supply signatures/keys. Users must NOT paste private keys/API keys into chat — those are sensitive and should remain on the user's side.
Install Mechanism
No install spec; this is an instruction/reference bundle plus example source files. No downloads, package installs, or archive extraction are performed by the skill itself — low install risk.
Credentials
The skill declares no required environment variables, credentials, or config paths, which is proportional to its stated purpose. Example code shows how to load local key files but the skill itself doesn't ask for secrets. Nonetheless, reviewers should be careful about supplying any private keys or long-lived secrets into chat when interacting with the agent.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent agent-wide privileges or modify other skills. Autonomous invocation is allowed by default but is not combined with other red flags here.
Assessment
This package appears to be a legitimate WeChat Pay 商品券 integration helper: it bundles documentation, Java/Go sample clients and small scripts that call the official api.mch.weixin.qq.com endpoints. Before installing/using: (1) verify the origin — source is unknown so cross-check critical instructions against the official WeChat Pay docs; (2) never paste private keys, API keys, or unencrypted certificates into a chat — the examples expect local key files or pre-signed values that should be generated and stored on your servers; (3) run the provided scripts locally (they require you to pass pre-signed signature, timestamp, nonce) rather than giving secrets to the agent; (4) review example code before copy-pasting into production — remove test placeholders and validate error handling and key-management; (5) if you plan to let an agent inspect your code for a quality check, redact or exclude secrets and private keys first. Overall the skill is coherent and its requirements are proportional, but verify authenticity and avoid sharing sensitive credentials.Like a lobster shell, security has layers — review code before you run it.
latestvk9747djfxxcryrpfebj6h56dd983gj97
License
MIT-0
Free to use, modify, and redistribute. No attribution required.