← Back to Skills Marketplace
114
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install qique-ai
Description
Use this skill when an agent needs to answer or plan operations for QiQue business requests in pure text protocol mode (no local executable dependency). Trig...
Usage Guidance
This skill appears to be an instruction-only QiQue API helper, but it asks the agent to load and persist API credentials from config/qique.config.json and to prompt you for app_id/app_secret. The package also contains a cleartext distribution_app_secret. Before installing or using this skill:
- Do not paste your production app_secret into the agent until you confirm where/how the credentials will be stored (encrypted storage, retention policy, who can access them).
- Prefer creating a limited-scope or temporary/test QiQue API key for use with this skill, and rotate/revoke it after testing.
- Ask the skill author (or registry) to declare required config paths/credentials explicitly in the metadata and to remove embedded secrets from the package.
- Confirm that your platform's agent storage will not expose persisted secrets to other skills or logs.
- If you cannot verify secure storage and the trustworthiness of the skill source, do not provide real credentials; use test credentials only.
Given the metadata/instruction mismatch and embedded secret, treat this skill as potentially risky until the above clarifications are provided.
Capability Analysis
Type: OpenClaw Skill
Name: qique-ai
Version: 1.0.0
The skill bundle implements a text-based protocol for the QiQue (企雀) medical beauty system that explicitly instructs the AI agent to solicit, persist, and reuse sensitive user API credentials (app_id and app_secret) via natural language prompts. While these are functional requirements for the API integration, the prompt-driven collection and storage of secrets in the agent's memory or configuration files represent a high-risk pattern for credential harvesting. Additionally, the bundle contains hardcoded distribution credentials (distribution_app_id: 'longxiaqique') and a specific MD5-based signature logic in references/methods.md, which targets the endpoint https://pre-e.qique.cn/index.php?r=data/api/.
Capability Assessment
Purpose & Capability
The skill's name/description match QiQue API helper behavior, but the declared registry metadata lists no required config paths or credentials while the SKILL.md explicitly requires loading/saving credentials from config/qique.config.json. That mismatch (declared requirements: none vs runtime: requires config keys app_id/app_secret/distribution_*) is incoherent. The repo also contains a populated distribution_app_secret in config/qique.config.json, which implies the skill embeds an operational secret rather than relying solely on user-provided credentials.
Instruction Scope
The SKILL.md instructs the agent to (a) load credentials from config/qique.config.json or session state, (b) persist credentials between turns (store/overwrite them), and (c) request app_id/app_secret from the user when missing. These instructions cause the agent to read and store secrets and do not specify secure storage boundaries or limits on retention. The skill does not instruct the agent to send credentials to any unexpected remote endpoint, but the instruction to persist secrets in agent memory/config is broad and under-specified.
Install Mechanism
No install spec and no code files to execute — the skill is instruction-only. This minimizes installation risk because nothing is downloaded or executed at install time.
Credentials
No environment variables or config paths were declared in the registry metadata, but the instructions require reading config/qique.config.json and retaining app_id/app_secret and distribution_* values. The repository includes a cleartext distribution_app_secret value — embedding a secret in the skill package is unnecessary for a third-party consumer and increases risk. Asking users to input their app_id/app_secret and then persist them in agent state is disproportionate unless the user understands where and how those secrets will be stored and protected.
Persistence & Privilege
The skill requires keeping credentials persistent between turns and overwriting them when the user provides new values. While always:false (normal), the explicit instruction to persist secrets and reuse them across sessions grants the skill effective long-term access to user credentials unless the platform enforces secure storage and access controls. The SKILL.md gives no constraints on retention, encryption, or scope of reuse.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install qique-ai - After installation, invoke the skill by name or use
/qique-ai - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
企雀系统AI助手,支持通过聊天互动来实现查询、编辑等多项操作。
Metadata
Frequently Asked Questions
What is 企雀AI助手?
Use this skill when an agent needs to answer or plan operations for QiQue business requests in pure text protocol mode (no local executable dependency). Trig... It is an AI Agent Skill for Claude Code / OpenClaw, with 114 downloads so far.
How do I install 企雀AI助手?
Run "/install qique-ai" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is 企雀AI助手 free?
Yes, 企雀AI助手 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does 企雀AI助手 support?
企雀AI助手 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created 企雀AI助手?
It is built and maintained by Edmon (@edmon); the current version is v1.0.0.
More Skills