← Back to Skills Marketplace
Devin_dingcheng
by
Devingonggz
· GitHub ↗
· v1.0.0
386
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install chengding-level-sensor
Description
读取橙丁物联液位传感器设备状态。使用场景:(1)查询液位传感器在线状态 (2)获取设备开关状态 (3)定时监控液位设备。需要提前配置 key、tel、imei 参数。
README (SKILL.md)
橙丁物联液位传感器
快速查询
curl -s -X POST "https://www.cd6969.com/admin.php?s=/Admin/ApiV2/getList.html" \
-H "Content-Type: application/json" \
-d '{"key":"你的KEY","tel":"你的手机号"}'
配置参数
| 参数 | 值 |
|---|---|
| key | 你的KEY |
| tel | 你的手机号 |
| imei | 你的IMEI |
响应说明
online: 1=在线, 0=离线status: 开关状态,最长8位,第1位表示第1路状态- 0=已关闭
- 1=已打开
- 2=关闭中
- 3=打开中
- 4=点动中
- 5=点动完成或已关闭
使用脚本
./scripts/get_status.sh
返回 JSON 格式的设备状态。
Usage Guidance
This skill appears to perform legitimate queries against a vendor API, but it has several things you should consider before running or installing it:
- Do not paste real keys/phone numbers into the script file in plaintext. Instead, modify the script to read KEY, TEL, and IMEI from environment variables or a protected config file, or prompt at runtime.
- The script uses jq (and curl). Ensure jq is installed from a trusted package source before running. The skill metadata should list these dependencies but does not — treat that as an omission.
- Verify the endpoint (https://www.cd6969.com) is the legitimate vendor service you expect. If you do not recognize the domain, validate with the device vendor or use network isolation/testing with dummy credentials.
- Review the script locally before executing. It is short and readable; ensure it only posts the device key/tel and parses the response as shown.
- For safer testing, use dummy values and run in an isolated environment (container/VM) first.
If you plan to use this skill long-term, ask the publisher to: declare required binaries (curl, jq), provide a secure configuration method (env vars or secret store) rather than hard-coded credentials, and include a brief security note about what data is sent to the vendor endpoint.
Capability Analysis
Type: OpenClaw Skill
Name: chengding-level-sensor
Version: 1.0.0
The `scripts/get_status.sh` script makes an external network call to `https://www.cd6969.com` to retrieve sensor data, which aligns with the skill's stated purpose. However, the script directly interpolates user-provided `KEY` and `TEL` values into a JSON string for the `curl -d` argument without proper sanitization. This lack of input sanitization creates a vulnerability where special characters in these inputs could lead to malformed JSON or potential JSON injection, classifying the skill as suspicious.
Capability Assessment
Purpose & Capability
Name/description match the included behavior: the SKILL.md and script call https://www.cd6969.com/admin.php?s=/Admin/ApiV2/getList.html to retrieve device status. However the skill metadata declares no required binaries or env vars while the script requires curl and jq and the README instructs the user to configure key/tel/imei — these deployment requirements are not declared in the registry metadata.
Instruction Scope
Runtime instructions and the script instruct you to place secrets (KEY, TEL, IMEI) directly in scripts (plaintext). The script posts key and tel to an external endpoint and parses the response with jq. The instructions do not recommend secure handling of credentials, nor do they offer alternative (env vars or prompts). While the network call is expected for this purpose, asking users to hard-code private values into a file broadens risk.
Install Mechanism
No install spec (instruction-only) which minimizes installation risk. However the script depends on runtime tools (curl, jq) but the skill metadata did not declare them; that mismatch is a procedural omission that could lead users to run missing/unknown binaries.
Credentials
The skill only needs device-specific values (key, phone, imei) which are proportionate to its purpose, but it does not declare them as required environment variables and instead expects them embedded into the script. That encourages insecure handling of secrets. There are no unrelated cloud or system credentials requested.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system settings, and has no install-time persistence. Autonomous invocation is allowed by platform default but not combined with other concerning privileges here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install chengding-level-sensor - After installation, invoke the skill by name or use
/chengding-level-sensor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
chengding-level-sensor v1.0.0 – 初始版本发布
- 支持查询橙丁物联液位传感器设备状态。
- 提供设备在线状态和开关状态查询。
- 支持通过 shell 脚本和 curl 接口获取数据。
- 需提前配置 key、tel、imei 参数。
Metadata
Frequently Asked Questions
What is Devin_dingcheng?
读取橙丁物联液位传感器设备状态。使用场景:(1)查询液位传感器在线状态 (2)获取设备开关状态 (3)定时监控液位设备。需要提前配置 key、tel、imei 参数。 It is an AI Agent Skill for Claude Code / OpenClaw, with 386 downloads so far.
How do I install Devin_dingcheng?
Run "/install chengding-level-sensor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Devin_dingcheng free?
Yes, Devin_dingcheng is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Devin_dingcheng support?
Devin_dingcheng is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Devin_dingcheng?
It is built and maintained by Devingonggz (@devingonggz); the current version is v1.0.0.
More Skills