← Back to Skills Marketplace
141
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install uapp-apm
Description
友盟应用性能监控(U-APM)数据查询技能,支持通过 umeng-cli call 调用友盟 APM OpenAPI(apm.openapi.umeng.com)的 8 个只读查询接口,涵盖今日/历史稳定性、启动性能、网络性能、原生页面、H5 页面、分钟级网络与稳定性数据。当用户需要查询应用崩溃率、启动耗时、网络...
Usage Guidance
This skill appears to be a legitimate wrapper for Umeng APM queries, but it asks the agent to run automatic telemetry and to send any Appkey you input via 'umeng-cli trace'. Before installing or using it: (1) decide whether you want the agent to automatically send usage data and any Appkey you supply — disable or remove the 'umeng-cli trace' steps if you don't; (2) prefer installing the CLI via a package manager (npm) rather than piping a remote install script into sh, and inspect the install script before running it; (3) confirm that sending your appKey to Umeng for 'trace' is acceptable to you and your organization (it may be sensitive); (4) verify the umeng-cli source/repository and privacy policy; and (5) be aware the SKILL.md requests the agent to post a login link and run login in background — that flow is normal but ensure credentials are handled by umeng-cli rather than being copied into chat. If you want, ask the skill author to remove automatic 'trace' calls or to make telemetry opt-in and to document exactly what 'trace' sends.
Capability Analysis
Type: OpenClaw Skill
Name: uapp-apm
Version: 1.2.0
The skill instructions (SKILL.md) contain prompt injections directing the AI agent to perform automated telemetry/tracking by executing 'umeng-cli trace' commands, including reporting the user's 'appkey' (dataSourceId) to the CLI tool without explicit user consent. Additionally, the documentation promotes a high-risk installation method via 'curl | sh' (pointing to raw.githubusercontent.com/umeng/umeng-cli), which is a common vector for supply chain attacks. While these behaviors are likely intended for legitimate vendor usage analytics, the automated exfiltration of identifiers and the use of unverified remote scripts meet the threshold for suspicious activity.
Capability Tags
Capability Assessment
Purpose & Capability
The Skill's name and main functionality (calling Umeng APM read-only endpoints via umeng-cli) are coherent. However the SKILL.md additionally requires running umeng-cli trace calls to report usage and to send the Appkey when provided. Telemetry/telemetry-with-Appkey is not necessary to perform read-only queries and thus is disproportionate to the stated purpose. Minor metadata inconsistency: the registry summary presented here lists no required binaries, but SKILL.md metadata and text require 'umeng-cli'.
Instruction Scope
The SKILL.md explicitly instructs the AI Agent to execute 'umeng-cli trace' immediately after reading the document and again when an Appkey (dataSourceId) is entered. That causes automatic outbound telemetry and may transmit sensitive identifiers (appKey). This is scope creep: the skill should not unilaterally send usage or user-supplied keys as part of a read-only query helper. Other instructions (login flow guidance, use of umeng-cli call) are appropriate for the stated purpose.
Install Mechanism
The skill is instruction-only (no install spec in registry), but SKILL.md recommends installation via 'npm install -g @umengfe/umeng-cli' (reasonable) or via piping a script from raw.githubusercontent.com ('curl ... | sh'). While raw.githubusercontent.com is a common host, 'curl | sh' is high-risk practice because it executes remote code automatically; recommend preferring npm or inspecting the script before running. The install recommendation is not strictly required to be embedded in runtime instructions and raises install-time risk.
Credentials
The skill declares no required environment variables or credentials, and relies on umeng-cli to handle AK/SK via interactive login (reasonable). However the instructions require sending the Appkey back to Umeng via the trace command whenever a user provides it; that asks the agent to transmit a user-supplied identifier externally without a clear need. This is disproportionate to mere read-only querying and raises privacy/exfiltration concerns.
Persistence & Privilege
The skill does not request always:true, does not declare config paths or persistent privileges, and is user-invocable only. There is no evidence it modifies other skills or requests system-wide persistence.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install uapp-apm - After installation, invoke the skill by name or use
/uapp-apm - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
uapp-apm 1.2.0
- No code or documentation changes detected in this version.
- The SKILL.md content remains unchanged from the previous version.
- No new features, bug fixes, or interface updates included in this release.
v1.1.1
**umeng-cli-uapm v1.1.1 Changelog**
- Migrated skill from previous Python script implementation to use the official `umeng-cli` command-line tool for all U-APM data queries.
- All logic, usage, and examples now reference `umeng-cli call` commands instead of Python scripts.
- Python script `scripts/apm.py` and related content were removed.
- Skill now documents 8 distinct U-APM read-only interfaces, corresponding parameters, and updated best practices (including CLI-based tracing, auth, and appKey operations).
- Updated metadata to declare `umeng-cli` as a runtime requirement and provide installation instructions.
- Adds specific usage notes for login handling and tracking appKey-based events.
v1.1.0
Version 1.1.0 introduces usability improvements, boundaries, and clarification for typical scenarios.
- Added显式触发词、使用流程说明,以及“Step”操作建议,优化人机交互体验
- 明确常见异常边界与应对(如App未指定、ANR仅限Android、时间限制等)
- 加入“description”字段并精简summary,强化Skill目标定位
- 重构文档结构,更易查阅典型问法、参数映射、边界与异常说明
- 保持全部CLI示例及查询类型表不变,补充操作指引和异常反馈文案
v1.0.0
Initial release of uapp-apm skill for querying Umeng APM crash and performance data.
- Supports querying stability (crash/ANR), startup performance, network, and page performance statistics.
- Provides CLI parameter mapping for common queries, including minute-level real-time queries.
- Configuration supports file and environment variable priority.
- JSON structured output available via `--json` parameter.
- Automatic handling and documentation for dependency installation and Tea module conflicts.
Metadata
Frequently Asked Questions
What is 崩溃与性能数据查询?
友盟应用性能监控(U-APM)数据查询技能,支持通过 umeng-cli call 调用友盟 APM OpenAPI(apm.openapi.umeng.com)的 8 个只读查询接口,涵盖今日/历史稳定性、启动性能、网络性能、原生页面、H5 页面、分钟级网络与稳定性数据。当用户需要查询应用崩溃率、启动耗时、网络... It is an AI Agent Skill for Claude Code / OpenClaw, with 141 downloads so far.
How do I install 崩溃与性能数据查询?
Run "/install uapp-apm" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is 崩溃与性能数据查询 free?
Yes, 崩溃与性能数据查询 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does 崩溃与性能数据查询 support?
崩溃与性能数据查询 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created 崩溃与性能数据查询?
It is built and maintained by Umeng+ (@squall0925); the current version is v1.2.0.
More Skills