← Back to Skills Marketplace
84
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install quicker-connector
Description
与 Quicker 自动化工具集成,读取、搜索和执行 Quicker 动作列表。支持 CSV 和数据库双数据源,智能匹配用户需求并调用本地 QuickerStarter 执行。
Usage Guidance
This package appears to be what it claims: a local Quicker integration that reads a CSV/SQLite export and calls QuickerStarter.exe. Before installing: 1) Confirm you run this on Windows with Quicker and QuickerStarter.exe present (or set starter_path to the correct executable). 2) Inspect scripts/quicker_connector.py (and any runner code) to confirm subprocess calls are limited to QuickerStarter.exe and that parameters are validated/sanitized. 3) Install the chardet library if you want robust encoding detection (encoding_detector.py imports chardet but the package metadata does not declare it). 4) Be cautious with auto-execution: set auto_select_threshold high (e.g., 0.8–0.9) if you prefer confirmation before actions run. 5) If you will deploy this in a shared or sensitive environment, restrict who can edit the skill's starter_path/config to avoid pointing the skill at arbitrary executables. If you want, paste the critical parts of scripts/quicker_connector.py here and I can review the exact subprocess/IO behavior line-by-line.
Capability Analysis
Type: OpenClaw Skill
Name: quicker-connector
Version: 1.2.0
The skill provides integration with the Quicker automation tool but exhibits several high-risk discrepancies and vulnerabilities. Most notably, scripts/quicker_connector.py contains a QuickerPushRunner class that performs network requests to an external API (push.getquicker.cn), directly contradicting the security claims in SKILL.md and skill.json that state 'no network access.' Furthermore, the execute_action function uses subprocess.Popen with shell=True on Windows, which, combined with the lack of input sanitization for action parameters, creates a significant risk for shell injection (RCE) if the AI agent is manipulated by a user. While these may be unintentional design flaws or undocumented features, the combination of misleading security documentation and critical execution vulnerabilities warrants a suspicious classification.
Capability Assessment
Purpose & Capability
The name/description say it integrates with Quicker, and the repository supplies CSV/SQLite readers and a runner that invokes QuickerStarter.exe. File-system and subprocess permissions declared in manifests align with reading CSV/DB and launching a local QuickerStarter executable. Defaults for csv/db/starter paths match expected Quicker locations.
Instruction Scope
SKILL.md and SKILL_OPTIMIZED.md restrict file I/O to config and user-specified paths and claim no network access; runtime instructions focus on reading CSV/DB, matching actions, and invoking QuickerStarter. However, documentation and README include installation/publishing instructions that show downloading releases (GitHub/ClawHub) for setup—those are developer/install-time actions, not runtime behavior. Also verify that the code actually limits subprocess calls to QuickerStarter.exe and sanitizes parameters as claimed (the manifest says it does; user should inspect scripts/quicker_connector.py to confirm).
Install Mechanism
There is no formal install spec in the registry (the skill is delivered as source files). That is lower risk than arbitrary remote install scripts, but README contains example wget/git/ClawHub install commands which would fetch code from GitHub/ClawHub if followed. One minor inconsistency: encoding_detector.py imports chardet but package metadata declares no runtime dependencies—ensure chardet is installed on the target system before running encoding detection.
Credentials
The skill requests no environment variables or external credentials. It needs read/write access to user-specified CSV/DB paths and to write its own config.json—this is proportionate to listing and executing Quicker actions. The default db_path/starter_path point at typical Quicker locations; reading the Quicker DB may expose local action metadata but that is the stated purpose.
Persistence & Privilege
The skill is not always-enabled and uses normal autonomous invocation. It declares subprocess permission limited to QuickerStarter.exe which is appropriate, but the configurable 'starter_path' setting means an operator with permission to edit the skill settings could point it at another executable; verify parameter validation and consider restricting the configured path if you want to limit misuse. The skill does not request to modify other skills or system-wide settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install quicker-connector - After installation, invoke the skill by name or use
/quicker-connector - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
- 增加了数据库作为新的数据源,实现 CSV 与 SQLite 双模式读取。
- 优化智能匹配:支持多字段(名称、描述、类型、分类)搜索和筛选。
- 新增自动编码检测,提升 CSV 兼容性。
- 配置项扩展:支持路径、阈值、最大结果量等多项目灵活调整。
- 文档与安全说明全面更新,增强用户指引和数据安全性。
Metadata
Frequently Asked Questions
What is quicker-connector?
与 Quicker 自动化工具集成,读取、搜索和执行 Quicker 动作列表。支持 CSV 和数据库双数据源,智能匹配用户需求并调用本地 QuickerStarter 执行。 It is an AI Agent Skill for Claude Code / OpenClaw, with 84 downloads so far.
How do I install quicker-connector?
Run "/install quicker-connector" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is quicker-connector free?
Yes, quicker-connector is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does quicker-connector support?
quicker-connector is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created quicker-connector?
It is built and maintained by awamwang (@awamwang); the current version is v1.2.0.
More Skills