← Back to Skills Marketplace
1671
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install wps-punchclock
Description
Automate punching time in/out on WPS Time / NetTime (wpstime.com NetTime). Use for phrases like setup punchclock/configure punchclock/set up time clock, clock in/clock out, start break/end break, start lunch/end lunch, check status/status. Runs a Playwright flow, captures a screenshot, and replies with a brief confirmation.
Usage Guidance
What to consider before installing:
- Platform and binaries: This skill requires a macOS host (it uses the 'security' Keychain CLI) and Node.js with the Playwright package available. Confirm the agent/gateway runs on macOS and that Node + Playwright are installed, or ask the author to provide an install spec (package.json or explicit instructions).
- Avoid the chat-based setup: Do NOT use the 'chat wizard' option that asks you to type your password into chat. Use the interactive local setup (node ./scripts/setup.mjs) so credentials go directly into the macOS Keychain and are not recorded in chat/gateway logs.
- Confirm dependencies and scope: Ask the publisher to declare required binaries (node, playwright, security) and an OS restriction (macOS). Request a package.json or install instructions so you can review and control what gets installed.
- Verify runtime behavior: Inspect and/or run the scripts in a controlled environment first. The scripts take screenshots and capture page text (which may contain sensitive info). Ensure screenshots are handled safely when attached to chat channels.
- Principle of least privilege: If you intend to allow autonomous invocation, ensure the agent's execution environment is restricted (so it cannot run arbitrary shell commands beyond what this skill needs) and monitor logs for unexpected behavior.
If you cannot confirm the above, treat the skill as risky. At minimum, ask the author to (1) add an install spec and declared OS/binary requirements, (2) remove or disable the chat-based password collection, and (3) document what data is captured in screenshots/snippets and where attachments are posted.
Capability Analysis
Type: OpenClaw Skill
Name: wps-punchclock
Version: 1.0.1
The skill is classified as suspicious due to its direct use of `node:child_process.execFile` in `scripts/punchclock.mjs` and `scripts/setup.mjs` to execute the `security` command for macOS Keychain interaction. While this capability is plausibly needed for the stated purpose of securely managing credentials, direct shell execution is a high-risk behavior that prevents classification as benign. There is no clear evidence of intentional malicious behavior, data exfiltration beyond the stated purpose, or prompt injection attempts against the agent.
Capability Assessment
Purpose & Capability
The skill's name/description (WPS Time punchclock automation) matches the included code which drives Playwright and uses macOS Keychain. However the registry metadata claims no required binaries or env vars even though the scripts require Node.js, the 'playwright' package, and the macOS 'security' binary. The SKILL.md mentions macOS but the skill has no OS restriction declared. These omissions are inconsistent with the stated purpose and required runtime.
Instruction Scope
SKILL.md and the runbook correctly describe logging into wpstime and taking screenshots, and the code restricts activity to the login page and subsequent site interactions. However SKILL.md documents a 'chat wizard' setup option that explicitly collects the password via chat and instructs storing it on the gateway using 'security add-generic-password' — this exposes sensitive credentials to chat/gateway logs and broadens the risk surface. The runbook also suggests changing browser password/security settings (via chrome:// URLs), which is out-of-band and could be unexpected for users.
Install Mechanism
There is no install spec. The code imports 'playwright' and expects Node. That means the runtime must already include Node and Playwright, but the skill does not declare or install them. This omission can cause runtime failures and hides the fact that a heavy dependency (Playwright) is required. The skill also relies on the system 'security' tool (macOS) — again not declared.
Credentials
The skill does not list required environment variables or credentials in metadata because it uses macOS Keychain for credentials, which is appropriate. However the SKILL.md explicitly offers a chat-based path that sends the password via chat (with only a warning). Asking users to post passwords into chat is disproportionate to the task and dangerous because chat/gateway logs may retain secrets. The code itself reads Keychain only and does not exfiltrate secrets, but the documented chat flow materially increases risk.
Persistence & Privilege
The skill does not request 'always: true', does not declare elevated persistent privileges, and does not modify other skills or global configs. Autonomous invocation is allowed (platform default) but there is no added persistence/privilege escalation in the bundle itself.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install wps-punchclock - After installation, invoke the skill by name or use
/wps-punchclock - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Shortened and simplified skill description and action trigger phrases.
- Standardized punch action keywords to English only.
- Clarified and condensed workflow steps and outputs.
- Updated guidance for message replies and confirmation flows.
- Kept all credential storage, setup, and compatibility details intact.
- No changes to automation logic or operational requirements.
v1.0.0
WPS Time / NetTime punchclock automation initial release.
- Automates clock in/out, lunch/break, and status on WPS Time NetTime via Playwright script.
- Supports both secure local credential setup using macOS Keychain and optional chat-based setup (with warnings).
- Responds to setup/configure, punch in/out, lunch/break start/end, and status check commands in Chinese and English.
- Sends screenshot and brief confirmation of each punch/status action to the user.
- Handles credential errors clearly and guides users to set up keychain access if needed.
Metadata
Frequently Asked Questions
What is dxh141130?
Automate punching time in/out on WPS Time / NetTime (wpstime.com NetTime). Use for phrases like setup punchclock/configure punchclock/set up time clock, clock in/clock out, start break/end break, start lunch/end lunch, check status/status. Runs a Playwright flow, captures a screenshot, and replies with a brief confirmation. It is an AI Agent Skill for Claude Code / OpenClaw, with 1671 downloads so far.
How do I install dxh141130?
Run "/install wps-punchclock" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is dxh141130 free?
Yes, dxh141130 is completely free (open-source). You can download, install and use it at no cost.
Which platforms does dxh141130 support?
dxh141130 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created dxh141130?
It is built and maintained by dxh141130 (@dxh141130); the current version is v1.0.1.
More Skills