← Back to Skills Marketplace
180
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install uni-app-wechat-miniprogram-cicd
Description
uni-app 项目微信小程序全流程开发、构建与 CI/CD 发布。当用户提到:开发 uni-app 小程序、用 uni-app 开发微信小程序、uni-app 小程序 CI/CD 发布、小程序上传体验版、自动发布微信小程序、miniprogram-ci 配置、微信小程序自动化发布、GitHub Actions...
Usage Guidance
This skill appears to implement a real uni‑app → WeChat CI/CD workflow, but the registry metadata fails to declare the runtime requirements (node/npm and the CI secrets). Before installing or enabling it:
- Treat WEAPP_PRIVATE_KEY and WEAPP_APPID as sensitive secrets. Do not put private keys into repo history; store them in CI secret storage.
- Confirm the skill's metadata is updated to declare required env vars and binaries (NODE/npm, WEAPP_APPID, WEAPP_PRIVATE_KEY or WEAPP_PRIVATE_KEY_PATH, VERSION). The current metadata omission is suspicious (may be an oversight, but it hides what the skill actually needs).
- Review scripts/build-uni.js and scripts/ci-publish.sh yourself: they write the private key from an env var to disk (keys/private.key by default). Ensure your CI runner is trusted, permissions are tightened (chmod), and artifacts containing keys are not retained or published.
- In CI (GitHub Actions/GitLab) ensure secrets are masked and the key-writing step cannot leak via logs. Avoid echoing secrets to logs.
- If you plan to run locally, run the scripts in an isolated environment and verify the private key path before execution.
If the author cannot or will not update the skill metadata to list required env vars and runtime dependencies, consider this a red flag and proceed only after manual code review and controlled testing.
Capability Analysis
Type: OpenClaw Skill
Name: uni-app-wechat-miniprogram-cicd
Version: 1.0.0
The skill bundle provides a legitimate set of tools and documentation for automating the CI/CD pipeline of uni-app WeChat mini-programs using the official 'miniprogram-ci' library. The scripts (scripts/build-uni.js and scripts/ci-publish.sh) correctly handle sensitive credentials like the WeChat private key by reading them from environment variables and applying appropriate file permissions (chmod 400), which is standard practice for CI environments. No evidence of data exfiltration, malicious execution, or prompt injection was found.
Capability Assessment
Purpose & Capability
The skill's name, description, SKILL.md and scripts all consistently implement uni-app building and miniprogram-ci based upload/publish; the requested capabilities (AppID, private key, CI integration) are appropriate for that purpose. However the registry metadata lists no required env vars or binaries even though the scripts and CI templates clearly require NODE/npm, WEAPP_APPID, WEAPP_PRIVATE_KEY (or WEAPP_PRIVATE_KEY_PATH), VERSION, etc. That metadata omission is an inconsistency.
Instruction Scope
SKILL.md and included scripts limit themselves to building the project, writing the private key to a local path, and invoking miniprogram-ci to upload/publish. They do not instruct reading unrelated system files or exfiltrating data to third‑party endpoints; uploading is done to WeChat via miniprogram-ci as expected. The scripts do write secret material (private key) to disk — which is necessary for miniprogram-ci but worth noting.
Install Mechanism
This is an instruction-only skill with two small helper scripts; there is no install spec that downloads arbitrary archives. The risk surface is limited to running the provided scripts. Runtime does require installing project dependencies (npm ci) and miniprogram-ci in CI, which the templates document.
Credentials
The code expects sensitive environment data (WEAPP_PRIVATE_KEY or WEAPP_PRIVATE_KEY_PATH and WEAPP_APPID, plus VERSION and optionally CI_MODE). Those are appropriate and necessary for the stated purpose, but the registry metadata declares no required env vars or primary credential and lists no required binaries. Also the scripts write the private key file from an env var into the repository/workspace; that is functionally necessary but increases exposure if CI runner or artifacts are not properly secured or secrets are misconfigured.
Persistence & Privilege
The skill is not marked always:true and does not request system‑wide or other-skill credentials. It writes files only into its workspace (keys/ path by default) and uses standard CI runner operations. No persistent background privileges are requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install uni-app-wechat-miniprogram-cicd - After installation, invoke the skill by name or use
/uni-app-wechat-miniprogram-cicd - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
uni-app 微信小程序开发与 CI/CD 发布技能首发:
- 提供 uni-app 项目微信小程序全流程开发、构建和自动化 CI/CD 发布支持
- 集成 miniprogram-ci,支持命令行上传、体验版发布及 API 用法参考
- 附 GitHub Actions / GitLab CI 配置模板与一键发布脚本,适配主流 CI/CD 流水线
- 详细文档覆盖项目初始化、微信开发者工具 CLI 配置、密钥管理等核心环节
- 故障排查与常用命令速查表,简化问题定位和开发维护
Metadata
Frequently Asked Questions
What is Uni App Wechat Cicd?
uni-app 项目微信小程序全流程开发、构建与 CI/CD 发布。当用户提到:开发 uni-app 小程序、用 uni-app 开发微信小程序、uni-app 小程序 CI/CD 发布、小程序上传体验版、自动发布微信小程序、miniprogram-ci 配置、微信小程序自动化发布、GitHub Actions... It is an AI Agent Skill for Claude Code / OpenClaw, with 180 downloads so far.
How do I install Uni App Wechat Cicd?
Run "/install uni-app-wechat-miniprogram-cicd" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Uni App Wechat Cicd free?
Yes, Uni App Wechat Cicd is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Uni App Wechat Cicd support?
Uni App Wechat Cicd is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Uni App Wechat Cicd?
It is built and maintained by ACxj (@acxj); the current version is v1.0.0.
More Skills