← Back to Skills Marketplace
Tianji
by
moonrailgun
· GitHub ↗
· v1.0.1
416
Downloads
1
Stars
1
Active Installs
2
Versions
Install in OpenClaw
/install tianji
Description
Query website analytics, monitor uptime, survey results, telemetry data, feed events, application stats, and more from the Tianji platform via its read-only...
Usage Guidance
This skill appears coherent for querying a Tianji instance. Before installing: (1) provide a least-privilege, read-only API key (not a management/master key); (2) verify the TIANJI_BASE_URL is a host you trust; (3) confirm you are comfortable granting network access to that host; (4) test with a workspace that contains no sensitive production data until you confirm redaction/handling meets your expectations — SKILL.md instructs the agent to redact certain fields, but that depends on the agent honoring the instructions. If you need absolute assurance, review responses from sensitive endpoints (aiGateway, audit logs, workspace members, billing) while using a low-privilege account.
Capability Analysis
Type: OpenClaw Skill
Name: tianji
Version: 1.0.1
The skill includes robust redaction mechanisms in its build script (`scripts/filter-openapi.cjs`) and explicit instructions in `SKILL.md` to prevent the display of sensitive fields like API keys and secrets. However, `SKILL.md` contains a prompt injection vulnerability by instructing the agent to bypass redaction for 'workspace members or audit logs' if the user 'explicitly requests full detail'. The `references/openapi-readonly.json` confirms that the `/workspace/{workspaceId}/members` endpoint can return PII such as user email addresses, which an attacker could exfiltrate by exploiting this instruction.
Capability Assessment
Purpose & Capability
Name/description (Tianji analytics) match the declared config and permissions. skill.yaml and clawhub.json both require TIANJI_BASE_URL, TIANJI_API_KEY, and TIANJI_WORKSPACE_ID and declare the skill as read-only GET endpoints. No unrelated environment variables, binaries, or platform credentials are requested.
Instruction Scope
SKILL.md instructs the agent to choose GET endpoints from the provided api-endpoints.md/openapi-readonly.json, construct GET requests under {TIANJI_BASE_URL}/open with Bearer auth, parse JSON responses, and summarize results. It explicitly forbids displaying sensitive fields (modelApiKey, apiKey, secret, token, password, credential) and calls out PII in some endpoints. The instructions do not ask the agent to read unrelated system files or other credentials.
Install Mechanism
No install spec is provided (instruction-only). The repository includes a small build script and a Node script used to filter a full OpenAPI spec into a GET-only reference; these are documentation-generation utilities and are not an installer or remote download. No external archives or network installs are requested by the skill bundle.
Credentials
The three required config values (base URL, API key, workspace ID) are proportional to a read-only REST API client. The manifest marks the API key as the primary credential/secret. No unrelated secrets or config paths are requested.
Persistence & Privilege
The skill is not forced-always (always:false), is user-invocable, and does not request modifications to other skills or global agent state. It only requires network permission consistent with fetching remote API endpoints.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install tianji - After installation, invoke the skill by name or use
/tianji - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Added a new section on Sensitive Data Handling, detailing rules for redacting or omitting fields containing secrets or personal information from API responses.
- Clarified that sensitive fields such as API keys, tokens, passwords, and PII should never be shown to users.
- Updated workflow guidance for summarizing workspace members and audit logs to emphasize non-sensitive data by default.
v1.0.0
Initial release of the Tianji monitoring and analytics skill.
- Query read-only data from the Tianji platform using its OpenAPI (69 GET endpoints across 14 service domains).
- Supports analytics for website traffic, uptime monitoring, survey results, telemetry events, feed channels, billing, and more.
- Requires configuration for the Tianji base URL, API key, and workspace ID.
- Includes guidance for making requests and handling common usage scenarios (e.g., traffic, health checks, survey analysis).
- All endpoints use GET, require authentication, and return JSON data.
Metadata
Frequently Asked Questions
What is Tianji?
Query website analytics, monitor uptime, survey results, telemetry data, feed events, application stats, and more from the Tianji platform via its read-only... It is an AI Agent Skill for Claude Code / OpenClaw, with 416 downloads so far.
How do I install Tianji?
Run "/install tianji" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Tianji free?
Yes, Tianji is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Tianji support?
Tianji is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Tianji?
It is built and maintained by moonrailgun (@moonrailgun); the current version is v1.0.1.
More Skills