← Back to Skills Marketplace
asazhangyongchao

asiasea-bi

by zhahngyongchao · GitHub ↗ · v1.0.3 · MIT-0
cross-platform ⚠ suspicious
308
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install asiasea-bi
Description
飞书集成智能数据网关,支持企业异构系统动态映射与切换、基于自然语言时间语义推导的真实 API 数据穿透与可视化快照固化发布。
README (SKILL.md)

🌌 金灯塔智能 BI Skill (Cognitive Data Agent)

描述

本 skill 是金灯塔数据中枢的 OpenClaw 认知代理适配版本。依托动态元数据路由机制,允许用户通过自然语言精确穿透企业各类异构微服务架构,实时提取核心业务度量快照,并将多维数据流一键投影并发布为可视化研报。(异步定时调度路由由 OpenClaw 平台原生编排引擎接管)

代码仓库: asiasea-ai/bi

可用交互协议流

  • 安全握手与鉴权: 初始化
  • 域感知与上下文注入: 切换系统 [目标业务域] (如:切换系统 核心业务节点A)
  • 高阶语义数据查询 (强制收敛时间边界):
    • 查询本月的[核心业务指标]
    • 提取上一时间周期的[度量矩阵数据]及趋势演进
  • 拓扑快照固化发布:
    • 把刚才的数据快照发布到系统

架构安全声明

完全兼容 OpenClaw 的 handle 同步函数规范。底层映射真实零信任鉴权接口与业务元数据网络,具备启发式意图时间推导引擎,100% 拒绝数据幻觉与异常兜底伪装。系统生成的纯静态 DOM 快照严格落实凭证隔离,确保核心物理数据的绝对安全。

Usage Guidance
This skill claims strict credential isolation but the code embeds API headers/tokens (base64) inside HTML reports and uploads them to a remote archive endpoint — that can leak credentials if the uploaded snapshot is accessible. Before installing: 1) refuse to run in production until generate_html is changed to never include raw headers/tokens in client-visible artifacts; instead use server-side artifact generation or remove headers entirely. 2) Confirm the remote endpoints (o.yayuit.cn, e.asagroup.cn) are owned/trusted by your organization and acceptable for uploading sensitive reports. 3) Review and protect the .session_*.json files (they may contain tokens); ensure they are encrypted or stored in a secure path, and verify retention/cleanup behavior. 4) Resolve the README/LICENSE contradiction about public repo access and confirm licensing. 5) Consider a security review or require the vendor to provide a version that strips secrets from snapshots and documents exact data flows. If you cannot validate these, label the skill untrusted for sensitive data.
Capability Analysis
Type: OpenClaw Skill Name: asa-bi Version: 1.0.3 The skill functions as a BI data gateway but exhibits high-risk credential handling and data exposure patterns. In `main.py`, the `generate_html_report` function embeds sensitive authentication headers and API tokens (obfuscated only by Base64) directly into HTML files, which are then uploaded to a remote endpoint (`o.yayuit.cn`) for public/semi-public preview. While aligned with the stated purpose of generating visual reports, this practice constitutes a significant security vulnerability. The skill also stores session tokens in local JSON files and communicates with external domains `o.yayuit.cn` and `e.asagroup.cn` to retrieve corporate financial data (budgets and expenses).
Capability Assessment
Purpose & Capability
Name/description: BI / Feishu integration. Implementation: Python code calls asiagroup/yayuit endpoints to list systems, obtain system tokens, upload/publish HTML reports. Expected: a Feishu-integrated skill would normally show explicit Feishu API usage or require Feishu credentials; this code does not. The repo/README/license claim private proprietary usage while SKILL.md instructs cloning via public [email protected]; small metadata version mismatch (manifest lists 1.0.4 while registry metadata shows 1.0.3).
Instruction Scope
SKILL.md instructs cloning/deploying and runtime ‘初始化’/‘切换系统’ flows. The runtime instructions claim strict credential isolation, but main.py's generate_html function embeds a base64-encoded payload that includes API URL and headers (headers_dict) into the generated HTML and then the skill uploads that HTML to an OSS endpoint — this directly contradicts the '凭证隔离' claim and risks leaking tokens via uploaded snapshots.
Install Mechanism
No install spec; code is bundled in the skill (main.py). No external arbitrary downloads or extract operations. Uses the Python requests library (standard for network interaction).
Credentials
Skill declares no required env vars or credentials, but it obtains system tokens from remote APIs and stores per-user session files under the skill directory. It then includes headers/tokens in generated HTML (base64) which is uploaded — this is disproportionate to the 'do not expose credentials' guarantees and increases risk of secret leakage. The LICENSE forbids publishing the software to public repos, but the README suggests cloning from GitHub — a policy/usage inconsistency.
Persistence & Privilege
always:false (normal). The skill writes per-user session files (.session_<id>.json) into the skill directory (BASE_DIR). Writing session state to disk is expected for multi-session logic, but these files may contain system_auth_headers and should be treated as sensitive; the skill also persists generated reports to OSS via upload endpoint.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install asiasea-bi
  3. After installation, invoke the skill by name or use /asiasea-bi
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
No user-facing changes in this version. - No file changes detected; documentation and functionality remain unchanged.
v1.0.2
- Skill名称变更为“asiasea-bi”,并更新了仓库地址为“asiasea-ai/bi”。 - description大幅升级,明确说明支持飞书集成、异构系统动态映射、自然语言时间语义推导及可视化快照发布。 - 丰富了triggers列表,新增了“系统列表”、“报表”、“数据看板”、“BI”、“统计”、“趋势”、“度量”、“查询”、“发布”等多项调用词。 - 保持功能与核心交互描述不变,完善场景与调用入口定义。
v1.0.1
- Renamed the skill from 金灯塔BI to ccc-bi. - Updated the description to focus on cognitive BI agent capabilities and dynamic metadata routing. - Revised and expanded the example user interactions, emphasizing semantic data queries and advanced snapshot publishing. - Clarified architecture security with zero-trust principles and isolated static DOM snapshot enforcement. - Adjusted repository reference to the new namespace.
v1.0.0
金灯塔BI 1.0.0 首次发布 - 推出多系统(E网、供应链)切换及自然语言报表检索 - 支持基于真实 API 的精确报销单与部门周期预算查询,需带时间范围 - 一键发布查询结果,直连业务系统 - 兼容 OpenClaw 平台,同步调度、自动时间变量推导 - 明确拒绝假数据与兜底伪装,保障数据安全准确
Metadata
Slug asiasea-bi
Version 1.0.3
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is asiasea-bi?

飞书集成智能数据网关,支持企业异构系统动态映射与切换、基于自然语言时间语义推导的真实 API 数据穿透与可视化快照固化发布。 It is an AI Agent Skill for Claude Code / OpenClaw, with 308 downloads so far.

How do I install asiasea-bi?

Run "/install asiasea-bi" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is asiasea-bi free?

Yes, asiasea-bi is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does asiasea-bi support?

asiasea-bi is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created asiasea-bi?

It is built and maintained by zhahngyongchao (@asazhangyongchao); the current version is v1.0.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments