← Back to Skills Marketplace
136
Downloads
0
Stars
0
Active Installs
5
Versions
Install in OpenClaw
/install cs-qweather-jwtgen
Description
和风天气 JWT Token 生成工具。当需要生成、刷新和风天气 API 的 JWT 认证 Token 时使用此 skill。
README (SKILL.md)
cs-qweather-jwtgen
和风天气 JWT Token 生成工具 — 使用 EdDSA 算法生成认证 Token。
技能职责
当需要生成或刷新和风天气 API 的 JWT 认证 Token 时使用此 skill。
Token 有效期 24 小时,过期后需要重新生成。
环境变量
| 变量 | 必填 | 说明 |
|---|---|---|
QWEATHER_SUB |
✅ | 和风账户的用户标识(sub 字段) |
QWEATHER_KID |
✅ | 和风账户的密钥 ID(kid 字段) |
QWEATHER_API_HOST |
否 | 和风 API Host(生成脚本本身不需要,预警/天气脚本需要) |
自动加载:脚本使用
dotenv库自动从~/.openclaw/.env加载变量(override=True,强制读取最新值避免旧进程缓存干扰),在 OpenClaw 环境下可直接使用。
文件要求
私钥文件
必须位于 ~/.myjwtkey/ed25519-private.pem,权限应为 600。
chmod 600 ~/.myjwtkey/ed25519-private.pem
Token 输出文件
生成后自动保存到 ~/.myjwtkey/last-token.dat(覆盖写入)。
其他和风天气脚本(如 cs-qweather-alert)会从此文件读取 Token。
使用方法
python3 cs-qweather-jwtgen/scripts/generateJWTtoken.py
示例输出
[22:50:53] Private key: ~/.myjwtkey/ed25519-private.pem
[22:50:53] Private key loaded (119 chars, masked)
[22:50:53] sub: 4G***ER
[22:50:53] kid: KJ***9T
[22:50:53] iat=1775746223, exp=1775830253, sub=4G***ER, kid=KJ***9T
[22:50:53] Generating JWT ...
[22:50:53] JWT generated [masked: ey***Bg]
[22:50:53] Token saved to: ~/.myjwtkey/last-token.dat
[JWT Token]
eyJhb...
日志
- 位置:
/tmp/cslog/generateJWTtoken-YYYYMMDD.log - 脱敏:sub、kid、JWT Token 均只显示前2后2位
依赖
- Python 3
pyjwt:pip install pyjwt
Usage Guidance
This skill's code does what it says (generates EdDSA JWTs for 和风天气) and writes the token to ~/.myjwtkey/last-token.dat, but there are a few red flags to consider before installing:
- Confirm required inputs: The registry metadata lists no required env vars, but the SKILL.md and script require QWEATHER_SUB and QWEATHER_KID. Make sure you know and trust where you'll provide these values.
- Inspect ~/.openclaw/.env: The script attempts to auto-load that file (dotenv with override=True). That may overwrite process env vars and can contain other secrets. Review its contents before allowing the skill to run.
- Verify private key location and permissions: The script expects your Ed25519 private key at ~/.myjwtkey/ed25519-private.pem and will read it. Ensure the file is the key you intend to use and has safe permissions (the script sets token file to 600 but you should confirm the private key file is protected).
- Run in an isolated environment first: If you are unsure, run the script in a test account or sandbox so you can verify behavior (no network calls are present, but it will read/write local files).
- Dependency hygiene: Install pyjwt from a trusted source and avoid untrusted forks. The script optionally uses python-dotenv; if you install that, ensure it's from PyPI.
If you require more assurance, ask the skill author to update registry metadata to declare QWEATHER_SUB and QWEATHER_KID as required and to document explicit file path usage, or request a signed/verified source URL and owner provenance before trusting the skill.
Capability Analysis
Type: OpenClaw Skill
Name: cs-qweather-jwtgen
Version: 1.4.0
The skill is a utility for generating QWeather API JWT tokens using the EdDSA algorithm. The script `scripts/generateJWTtoken.py` reads a private key from a local path (~/.myjwtkey/ed25519-private.pem) and environment variables from a standard OpenClaw configuration file, then outputs the signed token. The code is well-documented, includes data masking for its logging functionality, and contains no evidence of network exfiltration, malicious execution, or prompt injection.
Capability Tags
Capability Assessment
Purpose & Capability
The code and SKILL.md match the described purpose (EdDSA JWT generation for 和风天气). However the registry metadata lists no required environment variables or credentials while SKILL.md and the script require QWEATHER_SUB and QWEATHER_KID and a local private key path; this mismatch is an integrity concern (the skill will fail or behave unexpectedly if required inputs are not provided).
Instruction Scope
The runtime instructions and the script stay within the stated task: read a local private key, read environment variables, generate a JWT with pyjwt, write the token to ~/.myjwtkey/last-token.dat, and log to /tmp/cslog. The script does not attempt network calls or other unrelated data collection.
Install Mechanism
No install spec; this is instruction-only with a Python script. Dependencies are minimal (pyjwt, optional python-dotenv). There is no downloading of remote archives or execution of arbitrary installers.
Credentials
The script requires QWEATHER_SUB and QWEATHER_KID but the registry metadata declared none; SKILL.md documents these but the platform-level metadata omission is an inconsistency. The script also auto-loads ~/.openclaw/.env (dotenv.load_dotenv(..., override=True)) which reads a user-specific env file and will override environment variables — this is sensitive because that file may contain other secrets. The skill reads a private key at ~/.myjwtkey/ed25519-private.pem and writes ~/.myjwtkey/last-token.dat; these file accesses are expected for the task but are not declared in the registry metadata.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It persists the generated token locally (~/.myjwtkey/last-token.dat) and writes logs to /tmp/cslog; this is reasonable for its function, but users should be aware of local file writes.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install cs-qweather-jwtgen - After installation, invoke the skill by name or use
/cs-qweather-jwtgen - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.4.0
- dotenv 加载环境变量时的 override 由 False 改为 True,确保始终读取最新值防止旧进程缓存干扰
- 文档相应更新说明 override=True,提升多进程场景下的可靠性
v1.3.0
**Added dotenv support for environment variable loading.**
- Now automatically loads environment variables from `~/.openclaw/.env` using the `dotenv` library.
- Existing environment variables are not overwritten (`override=False`).
- Improves compatibility in OpenClaw and similar environments.
- Updated documentation to reflect the new environment variable loading method.
v1.2.0
- Adds automatic environment variable loading from ~/.bashrc if not set, ensuring compatibility in non-interactive environments.
- Documents the new environment variable QWEATHER_API_HOST (not required for token generation, but for related scripts).
- Updates usage instructions and documentation for improved clarity.
v1.1.0
- Refreshed documentation with reorganized sections for better clarity and usability.
- Expanded environment variable and file requirements details, including table formatting and permission instructions.
- Added explicit token output usage and example output log for easier integration.
- Clarified logging location and masking behavior for sensitive information.
- Introduced _meta.json metadata file to the project.
v1.0.0
初始版本:支持生成和风天气 JWT Token,自动保存到 ~/.myjwtkey/last-token.dat
Metadata
Frequently Asked Questions
What is Cs Qweather Jwtgen?
和风天气 JWT Token 生成工具。当需要生成、刷新和风天气 API 的 JWT 认证 Token 时使用此 skill。 It is an AI Agent Skill for Claude Code / OpenClaw, with 136 downloads so far.
How do I install Cs Qweather Jwtgen?
Run "/install cs-qweather-jwtgen" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Cs Qweather Jwtgen free?
Yes, Cs Qweather Jwtgen is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Cs Qweather Jwtgen support?
Cs Qweather Jwtgen is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Cs Qweather Jwtgen?
It is built and maintained by Chenfeng (@savior1987); the current version is v1.4.0.
More Skills