← Back to Skills Marketplace
meituan-zhengchang

美团C端用户Agent认证工具

by meituan-zhengchang · GitHub ↗ · v1.0.8 · MIT-0
cross-platform ⚠ suspicious
253
Downloads
0
Stars
0
Active Installs
10
Versions
Install in OpenClaw
/install meituan-c-user-auth
Description
美团C端用户Agent认证工具。为需要美团用户身份的 Skill(如发券、查订单等)提供手机号验证码登录认证,管理用户Token,实现“一次认证、持续有效”。当其他 Skill 需要校验用户身份、获取用户Token时,作为前置认证模块调用。触发词:美团登录、用户认证、手机号验证、发送验证码、获取Token、切换账...
Usage Guidance
This skill implements Meituan SMS login and token storage, but it will automatically scan for legacy auth files in multiple locations (including ~/.openclaw and other workspaces) and may copy entire legacy JSON content into a shared mt_auth_tokens.json used by other skills. Before installing or running it: - Consider running it in an isolated/sandboxed agent or set XIAOMEI_AUTH_FILE to a path you control (e.g. /tmp/my_auth_tokens.json) so it won't touch your normal workspace. - Alternatively set SKILL_CACHE_WORKSPACE or SKILL_CACHE_CLI_PATH to an isolated directory so the skill_cache_cli operates on a safe location. - Inspect the full auth.py and skill_cache_cli.py yourself (they are bundled) — pay attention to the migration logic that writes legacy JSON wholesale; ideally request the maintainer to change migration to only copy this skill's AUTH_KEY instead of the entire file. - Be aware the skill will store tokens on disk in a shared cache that other skills can read; if you have sensitive tokens from other skills, avoid automatic migration or isolate the workspace. - If you need a safer alternative, ask the author for an explicit opt-in migration flag (instead of automatic), or for clearer guarantees that unrelated keys/files will not be read or migrated. Given these behaviors I recommend treating the skill as potentially risky unless you apply workspace isolation or get code changes that limit migration scope.
Capability Analysis
Type: OpenClaw Skill Name: meituan-c-user-auth Version: 1.0.8 The skill bundle provides a legitimate authentication and token management utility for Meituan services. It handles SMS-based login and local storage of user tokens in a dedicated workspace (~/.xiaomei-workspace), implementing security best practices such as restricted file permissions (0600) and explicit instructions for the AI agent to avoid displaying sensitive tokens in the chat interface. The code communicates exclusively with official Meituan domains (peppermall.meituan.com) and includes a transparent scheduling feature (cron-set) intended for automated coupon collection, which utilizes platform-native scheduling commands rather than unauthorized persistence mechanisms.
Capability Assessment
Purpose & Capability
The name/description claim a Meituan SMS-based auth helper — the included scripts implement that. However the code also actively probes multiple workspace locations (e.g. ~/.xiaomei-workspace, ~/.openclaw/workspace) and offers migration that can copy legacy auth JSON into a shared mt_auth_tokens.json. Probing and migrating other workspace files is broader than a self-contained Meituan auth helper and could touch other skills' tokens or data.
Instruction Scope
SKILL.md instructs running the bundled auth.py and using a local CLI; the scripts perform file system discovery, read legacy auth files, and call a local skill_cache_cli via subprocess. The migration path explicitly reads legacy auth JSON files and then writes the legacy JSON content into the shared mt_auth_tokens.json — that means data beyond this skill's key could be imported and shared. The skill also instructs runtime web fetch for version-checking, and requires timezone checks; these are reasonable but the automated file reads/writes of other locations represent scope creep.
Install Mechanism
No install spec; skill is instruction+scripts only. Nothing is downloaded from the network by an installer. The scripts are included in the bundle (lower install risk).
Credentials
The skill declares no required env vars but the code reads/uses many environment variables (SKILL_CACHE_CLI_PATH, SKILL_CACHE_PYTHON, SKILL_CACHE_WORKSPACE, CLAUDE_WORKSPACE, XIAOMEI_AUTH_FILE, etc.) and will default to standard user workspaces. It also accesses legacy auth file locations (including ~/.openclaw/workspace/auth_tokens.json). Requesting no env vars but reading many implicit ones is mismatched and lets the skill access broader local state than its description justifies.
Persistence & Privilege
The skill persists tokens to a shared workspace (.shared/mt_auth_tokens.json) meant for cross-skill use. Automatic migration can create or overwrite data there. While cross-skill token storage is an expected pattern for an auth helper, the combination of workspace autodetection, legacy-file scanning, and writing entire legacy JSON blobs into the shared file increases the blast radius (it may expose unrelated tokens to other skills). The skill is not always: true, but it does modify on-disk state automatically.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install meituan-c-user-auth
  3. After installation, invoke the skill by name or use /meituan-c-user-auth
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.8
No functional changes in this version. - No file modifications detected. - Only metadata fields added to SKILL.md. - Skill version and core instructions remain unchanged.
v1.0.7
- Updated documentation and usage instructions in SKILL.md with clarified service agreement links and user consent flow. - Rewrote the service agreement process: the confirmation text now references only the official《美团用户服务协议》和《隐私政策》with updated acceptance/decline procedures. - Added a new helper script: scripts/skill_cache_cli.py. - Bumped version to 1.0.14.
v1.0.6
- Updated version to 1.0.8 - Refined the user agreement confirmation flow: now explicitly requires using the specified original text when displaying the agreement notice and instructions. - Clarified that the agreement text style and content must not be modified during presentation. - Added detailed notes and emphasized the requirement to use the exact wording for agreement prompts and links. - No code or file changes; SKILL.md process documentation improved for compliance and clarity.
v1.0.5
- 替换服务协议为官方在线版本,并移除本地 references/terms-of-service.md 文件,协议链接现为 https://open-pepper.meituan.com/eds/rules/meituan-coupon-skill-service-rule.html - 更新用户协议确认流程,全部协议内容改为 Markdown 超链接,取消本地全文展示,统一引导用户「打开链接」查看协议详情 - 描述中统一为“同意”/“拒绝”及超链接说明,明确继续使用本Skill即视为接受所有用户协议与隐私政策 - 其它认证主流程、接口说明未变,兼容旧数据文件和业务逻辑
v1.0.4
- 新增服务协议确认功能:引入用户需阅读并接受《Skill服务使用规则》的合规流程,命令包括 terms-check、terms-accept、terms-decline。 - 增加 references/terms-of-service.md 文件,用于协议全文展示。 - 标准认证流程前置服务协议确认步骤,未接受协议需引导用户同意才能继续认证。 - 命令列表扩展,详细列出协议相关新命令。 - 细化流程说明,明确了协议确认后的持久化存储与撤销机制。 - 补充时区检查步骤,确保接口时间一致性。
v1.0.3
Version 1.0.3 focuses on clarifying the handling of安全验证 (security verification)流程: - 明确规定安全验证时必须从脚本 JSON 输出的 redirect_url 字段取值,不可自行拼装或猜测跳转链接。 - 若 redirect_url 为空字符串,需提示用户“安全验证链接获取失败,请稍后重试”。 - 明确流程指引:用户完成安全验证后需重新调用 send-sms,无需用户再次输入手机号。 - 补充注意事项,强调不能在对话中展示 user_token 和 device_token。 - 版本号由 1.0.2 更新为 1.0.3。
v1.0.2
**Token 有效期判断逻辑优化,避免误导用户** - 修改 `status` 命令说明为只检查本地 Token 是否存在,不再包含本地过期判断。 - 注意事项中明确 Token 有效性仅以服务端 `token-verify` 为准,在本地不再推算过期时间,也不对用户提示 Token 有效期。 - 保持整体标准认证流程与接口逻辑不变,实际校验以线上接口返回为准。 - 版本号升级为 1.0.2。
v1.0.1
- 版本检查机制由 Friday 广场页面切换为 clawhub.ai 版本页面,更新了获取远程版本号和比对流程说明 - 版本提示信息中的 Skill 更新地址同步切换为 clawhub.ai - 其余说明与使用方法未做变动
v1.0.0
- 新增对短信发送安全验证(错误码20010/SMS_SECURITY_VERIFY_REQUIRED)的完整处理流程。 - 增加安全验证分支说明:当需安全验证时,提示用户访问redirect_url,完成后自动触发短信,无需重复输入手机号。 - 错误码表新增20006、20007、20010、99998等,细化出错提示,更准确覆盖业务返回。 - 注意事项补充第7点,强调安全验证逻辑和用户引导要求。 - 标准认证流程图示中增加安全验证流程和返回分支说明。
v1.0.0-SNAPSHOT
meituan-c-user-auth 1.0.0-SNAPSHOT - 提供美团C端手机号验证码登录认证,管理并持久化用户Token,实现“一次认证、持续有效”。 - 设计为其他Skill的前置认证模块,支持校验、获取和切换用户身份。 - 支持跨平台使用,详细脚本调用及环境变量配置说明。 - 明确各命令用法及认证流程,含标准交互步骤与错误码友好提示。 - 约定API接口与前置认证用法,便于业务Skill集成。 - 强调安全注意事项,避免敏感信息展示。
Metadata
Slug meituan-c-user-auth
Version 1.0.8
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 10
Frequently Asked Questions

What is 美团C端用户Agent认证工具?

美团C端用户Agent认证工具。为需要美团用户身份的 Skill(如发券、查订单等)提供手机号验证码登录认证,管理用户Token,实现“一次认证、持续有效”。当其他 Skill 需要校验用户身份、获取用户Token时,作为前置认证模块调用。触发词:美团登录、用户认证、手机号验证、发送验证码、获取Token、切换账... It is an AI Agent Skill for Claude Code / OpenClaw, with 253 downloads so far.

How do I install 美团C端用户Agent认证工具?

Run "/install meituan-c-user-auth" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 美团C端用户Agent认证工具 free?

Yes, 美团C端用户Agent认证工具 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does 美团C端用户Agent认证工具 support?

美团C端用户Agent认证工具 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 美团C端用户Agent认证工具?

It is built and maintained by meituan-zhengchang (@meituan-zhengchang); the current version is v1.0.8.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments