← Back to Skills Marketplace
123
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install pku-info-common
Description
Shared library crate (info-common) providing IAAA authentication, OTP, session persistence, credential resolution, and QR rendering for PKU CLI tools. Use th...
Usage Guidance
This SKILL.md appears to document a legitimate PKU auth helper, but it references sensitive resources (OS keyring, ~/.config/info/<tool>/session.json and cookies.json, and env vars like PKU_PASSWORD / PKU_SMS_CODE) while the skill metadata declares none of those requirements and provides no source or homepage. Before installing: 1) ask the publisher for the source repository or a copy of the crate code so you can verify it does not exfiltrate secrets; 2) confirm whether your agent/runtime will allow the skill to access the OS keyring and ~/.config paths — if so, consider restricting or auditing those accesses; 3) do not set PKU_PASSWORD or PKU_SMS_CODE environment variables in a global context until you trust the code; 4) prefer an explicitly-declared, signed release (or a vendor with a homepage) over an anonymous instruction-only skill. If the maintainer provides the crate source and explicit required-env/config declarations that match the SKILL.md, my confidence in a benign assessment would increase.
Capability Analysis
Type: OpenClaw Skill
Name: pku-info-common
Version: 1.0.0
The skill bundle describes a shared authentication library (info-common) for Peking University (PKU) CLI tools, handling IAAA SSO, TOTP, and session management. It follows security best practices by utilizing OS-level keyrings (via the 'keyring' crate) for credential storage, explicitly instructing AI agents never to pass passwords as CLI arguments, and storing sessions locally in ~/.config/info/, with no evidence of malicious data exfiltration or unauthorized execution.
Capability Tags
Capability Assessment
Purpose & Capability
The name and description (shared auth/session/OTP/QR helper for PKU CLI tools) match the SKILL.md content: it documents iaaa, otp, session, credential resolution, and qr modules and how consumers should integrate. The capabilities described are coherent for a shared auth crate.
Instruction Scope
The runtime instructions tell agents to use keyring-backed credential resolution, read/write session files under ~/.config/info/<name>/ (session.json, cookies.json), and to set environment variables (PKU_SMS_CODE) for SMS flow. The skill also tells agents to run consumer CLI commands (info-auth check, <tool> login -p). These instructions go beyond mere documentation — they describe accessing local secrets and on-disk session state, but the skill metadata does not declare those accesses.
Install Mechanism
No install spec or code is included; the skill is instruction-only, so there is no installer that would write or execute code on disk. This is lower installation risk but also means you cannot inspect code until a code release/source is provided.
Credentials
The SKILL.md references environment variables PKU_USERNAME, PKU_PASSWORD, PKU_SMS_CODE and describes using OS keyring backends and session files, but the skill metadata lists no required env vars, no primary credential, and no required config paths. That mismatch is important: the instructions expect access to secrets (env vars, keyring, session files) but the declared requirements do not disclose or justify that access. Requiring or instructing use of SMS codes and keyring is plausible for an auth helper, but it should be declared explicitly and the source reviewed before granting access.
Persistence & Privilege
The skill is not always-enabled and does not request persistent elevated platform privileges. It does instruct use of local session storage and keyring, but it does not itself request to persist in agent configuration or modify other skills. No 'always: true' or other high-privilege flags are present.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pku-info-common - After installation, invoke the skill by name or use
/pku-info-common - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
info-common 2.0.0 is a major update to the shared PKU authentication library crate, featuring restructured modules and enhanced credential management:
- Provides unified IAAA authentication, TOTP/OTP, session & cookie storage, OS keyring credential resolution, and terminal QR rendering for CLI tools (treehole, course, campuscard, elective, info-auth).
- Introduces detailed credential resolution priority: keyring, environment variables, then interactive entry, with passwords never stored on disk.
- Expands session persistence with error context and structured storage under `~/.config/info/<name>/`.
- All user-facing strings are now in Chinese and error handling improved.
- Adds comprehensive guidelines for building and integrating new CLI tools with shared authentication logic.
Metadata
Frequently Asked Questions
What is PKU Info Common?
Shared library crate (info-common) providing IAAA authentication, OTP, session persistence, credential resolution, and QR rendering for PKU CLI tools. Use th... It is an AI Agent Skill for Claude Code / OpenClaw, with 123 downloads so far.
How do I install PKU Info Common?
Run "/install pku-info-common" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is PKU Info Common free?
Yes, PKU Info Common is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does PKU Info Common support?
PKU Info Common is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created PKU Info Common?
It is built and maintained by wjsoj (@wjsoj); the current version is v1.0.0.
More Skills