← Back to Skills Marketplace
103
Downloads
0
Stars
1
Active Installs
3
Versions
Install in OpenClaw
/install cms-report-issue
Description
用于"反馈问题 / 报 bug / 上报错误 / 提交 issue / 查看 Skill 问题列表 / 标记问题已解决 / 关闭问题"。处理 Skill 使用过程中遇到的报错、异常、改进建议;支持 stdin 管道接收错误输出。是 cms-create-skill 与 cms-push-skill 的统一问题反馈入口
README (SKILL.md)
CMS Skill 问题上报工具
当前版本: v1.0.1
cms-report-issue 只负责问题闭环:
- 提交问题。
- 查看问题列表和统计。
- 解决或关闭问题。
cms-create-skill 和 cms-push-skill 如果遇到问题反馈场景,统一转交到这里处理。
能力总览
| # | 能力 | 脚本 | 需要登录 |
|---|---|---|---|
| 1 | 提交问题 | scripts/issue_report/report_issue.py |
否 |
| 2 | 查看问题列表 | scripts/issue_report/list_issues.py |
否 |
| 3 | 更新问题状态 | scripts/issue_report/update_issue.py |
是 |
路由
- 上报问题:
python3 cms-report-issue/scripts/issue_report/report_issue.py --skill-code my-skill --version 1.0.0 --error "..." - 管道上报:
python3 some_script.py 2>&1 | python3 cms-report-issue/scripts/issue_report/report_issue.py --skill-code my-skill --stdin - 查看问题:
python3 cms-report-issue/scripts/issue_report/list_issues.py --skill-code my-skill - 查看统计:
python3 cms-report-issue/scripts/issue_report/list_issues.py --stats - 解决问题:
python3 cms-report-issue/scripts/issue_report/update_issue.py --issue-id abc123 --status resolved --resolution "已修复" - 关闭问题:
python3 cms-report-issue/scripts/issue_report/update_issue.py --issue-id abc123 --status closed
规则
- 问题提交、查看、关闭统一使用
scripts/issue_report/下的脚本。 - 需要鉴权的动作只有问题状态更新;鉴权统一通过
cms-auth-skills准备access-token。 - 问题上报失败不应阻塞原始业务流程;装饰器模式下异常仍需重新抛出。
- 所有说明文档统一使用 Markdown,不维护旧接口文档目录。
能力树
cms-report-issue/
├── SKILL.md
├── references/
│ └── issue-report/
│ └── README.md
├── github-issue-templates/
│ ├── config.yml
│ ├── bug_report.yml
│ ├── feature_request.yml
│ └── ...
└── scripts/
└── issue_report/
├── README.md
├── list_issues.py
├── report_issue.py
└── update_issue.py
Usage Guidance
This skill implements report/list/update of issues and calls a remote API by default (https://skills.mediportal.com.cn). Before installing: 1) Inspect or run the included Python scripts locally — they will POST error text (including stdin) to the remote service. 2) Be cautious that the scripts disable TLS certificate checks (insecure — enables MITM). 3) Note they read XG_USER_TOKEN/access-token/ACCESS_TOKEN from the environment even though metadata didn't declare credentials; avoid having sensitive tokens in your environment when running these scripts. 4) If you need this functionality, prefer to (a) set --api-base to a trusted endpoint you control, (b) remove or fix the _ssl_context TLS bypass, and (c) ensure tokens are provided explicitly and documented (or use cms-auth-skills as intended). 5) If uncertain, run the scripts in an isolated environment/container and audit network traffic before enabling in production.
Capability Analysis
Type: OpenClaw Skill
Name: cms-report-issue
Version: 1.0.2
The skill bundle contains scripts (list_issues.py, report_issue.py, update_issue.py) that explicitly disable SSL certificate verification (ssl.CERT_NONE) while transmitting sensitive authentication tokens—retrieved from environment variables like XG_USER_TOKEN—to a remote API (https://skills.mediportal.com.cn). While this behavior is a critical security vulnerability that exposes credentials to Man-In-The-Middle (MITM) attacks, it appears to be a significant architectural flaw rather than intentional malware, as the logic aligns with the stated purpose of issue reporting and management.
Capability Assessment
Purpose & Capability
The scripts' network calls to a central issue-management API (https://skills.mediportal.com.cn) are coherent with the skill's stated purpose of reporting and listing issues. However the SKILL metadata declares no required env vars or credentials while the code reads token environment variables for auth; that omission is inconsistent and surprising.
Instruction Scope
SKILL.md and scripts instruct the agent/user to run included Python scripts which will POST data to a remote API and optionally update issue status. The instructions reference 'cms-auth-skills' to prepare an access-token, but the skill does not declare or require any env vars — the scripts nonetheless read XG_USER_TOKEN / access-token / ACCESS_TOKEN. The scripts also accept stdin and can include arbitrary error output in reports, meaning potentially sensitive logs could be sent to the external endpoint.
Install Mechanism
No install spec (instruction-only) which minimizes install-time risks. However the bundle includes Python scripts that assume a Python 3 runtime is present and will be executed; SKILL metadata does not list required binaries (python3), which is an inconsistency but not an intrinsic supply-chain risk.
Credentials
The code reads environment variables named XG_USER_TOKEN / access-token / ACCESS_TOKEN and will include them as an 'access-token' HTTP header when present. The skill metadata did not declare these required/optional env vars. Requesting or using access tokens is reasonable for updating issues, but the lack of declaration and the scripts' ability to upload arbitrary stdin/logs creates an exfiltration risk if sensitive data or unrelated tokens are present in the environment.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent platform privileges. It does not modify other skills or system-wide settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install cms-report-issue - After installation, invoke the skill by name or use
/cms-report-issue - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
CMS Skill 创建工具更新 - 版本 1.21.1,优化技能创建流程和文档结构
v1.0.1
- 更新 SKILL.md,版本号由 v1.0.0 升级为 v1.0.1
- 其他文档内容和功能保持不变
v1.0.0
- Initial release of cms-report-issue v1.0.0.
- Provides unified tools to report, list, and update issues for CMS skills.
- Supports direct and piped error reporting, issue statistics, and state updates (resolved/closed).
- Only issue status updates require authentication via cms-auth-skills.
- Centralizes all problem feedback from cms-create-skill and cms-push-skill into one entrypoint.
Metadata
Frequently Asked Questions
What is Cms Report Issue?
用于"反馈问题 / 报 bug / 上报错误 / 提交 issue / 查看 Skill 问题列表 / 标记问题已解决 / 关闭问题"。处理 Skill 使用过程中遇到的报错、异常、改进建议;支持 stdin 管道接收错误输出。是 cms-create-skill 与 cms-push-skill 的统一问题反馈入口. It is an AI Agent Skill for Claude Code / OpenClaw, with 103 downloads so far.
How do I install Cms Report Issue?
Run "/install cms-report-issue" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Cms Report Issue free?
Yes, Cms Report Issue is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Cms Report Issue support?
Cms Report Issue is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Cms Report Issue?
It is built and maintained by spzwin (@spzwin); the current version is v1.0.2.
More Skills