唯品会用户登录

Name: 唯品会用户登录
Author: viphgta

Description

唯品会账号扫码登录技能。当用户说"登录唯品会"、"唯品会登录"、"扫码登录唯品会"、 "我要登录唯品会账号"，或其他技能检测到未登录需要引导登录时，应立即触发此技能。执行完整的二维码登录流程：获取二维码 → 展示给用户扫码 → 轮询确认 → 保存登录态到 ~/.vipshop-user-login/tokens...

Usage Guidance

What this skill will do: it talks to https://passport.vip.com to obtain a QR image, shows that image (via a URL or by saving/opening an image file), polls the server until confirmation, and stores the resulting login cookies in ~/.vipshop-user-login/tokens.json so other local VIP skills can use them. What to consider before installing: - Trust: only use if you trust the skill source and the platform that will render the QR image. Displaying the qrImageUrl means the agent/UI may fetch that external URL to render the image. - Token persistence: the tokens.json file contains cookies that authenticate your account; remove or revoke them if you no longer want the skill to have access. The skill attempts to set restrictive file permissions (700/600), but verify the file exists and permissions on your system. - Exposure risk: anyone or any component that can read ~/.vipshop-user-login/tokens.json can act as your logged-in user; if you share sessions or use a multi-tenant environment, run this in an isolated/local account. - Audit options: optionally review the included Python files locally (they are bundled here) before running; you can run the scripts in a sandbox or inspect tokens.json after a test login and delete it. Overall, the skill appears coherent and appropriate for its stated purpose; there are no unrelated credential requests or unknown network endpoints in the provided files.

Capability Analysis

Type: OpenClaw Skill Name: vipshop-user-login Version: 1.0.11 The skill implements a Vipshop QR code login flow but contains high-risk behaviors and instructions. Specifically, `scripts/qr_code_client.py` uses `subprocess.run` and `os.startfile` to execute system commands for opening image files, which is a risky capability. Furthermore, `SKILL.md` includes prompt instructions directing the AI agent to encourage users to run an external update command (`npx clawhub update vipshop-skills --force`), presenting a potential supply chain or social engineering risk. While these actions are plausibly related to the skill's stated purpose, the combination of shell execution and agent-mediated command execution warrants a suspicious classification.

Capability Assessment

✓ Purpose & Capability

Name/description match the code and instructions: the package contacts passport.vip.com endpoints to init QR, fetch image, poll status, and save login cookies. The files and APIs requested are proportional to a QR login helper.

ℹ Instruction Scope

SKILL.md restricts behavior to the QR login flow and instructs the AI to extract a machine-readable payload from stdout and present the qrImageUrl as an image. It also instructs saving login state to ~/.vipshop-user-login/tokens.json for reuse by other VIP skills — this cross-skill state sharing is expected but worth noting because tokens grant account access. No instructions ask the agent to read unrelated system files or other credentials.

✓ Install Mechanism

There is no install spec (instruction-only plus bundled Python scripts). No remote downloads or installers; runtime uses standard Python libs (requests, qrcode, Pillow). This is a low install risk.

✓ Credentials

The skill requests no environment variables or external credentials. It writes persistent state under the user's home (~/.vipshop-user-login) which is coherent with a login helper. File permissions are set to owner-only where implemented (directory 700, token temp file 600).

ℹ Persistence & Privilege

The skill persists login cookies and device id under ~/.vipshop-user-login and will read/write those files. always:false (normal). Persisting account cookies is necessary for this skill, but it means the saved tokens can be reused by other local skills — the user should understand that persisted cookies effectively authenticate the local user session.

Version History

v1.0.11

vipshop-user-login 1.0.11 - 增强二维码展示规范。 - 文档明确此优先级要求，保障 AI 展示二维码图片逻辑的准确性与健壮性。 - 其他说明和用例保持不变，未涉及脚本/接口变动，仅更新规范和文档内容。

v1.0.10

vipshop-user-login 1.0.10 - No file changes detected in this release. - Documentation (SKILL.md) was reformatted without content changes. - All features, usage, and behavior remain the same as the previous version.

v1.0.9

vipshop-user-login 1.0.9 - 变更登录版本检测逻辑：登录成功后如果检测到有新版本，仅提示用户手动更新 - 技能文档调整：明确 AI 只需提示用户按受控流程和脚本输出的命令手动更新。 - 保持二维码展示规范、扫码流程与 Cookie 存储等功能不变。 - 适配安全合规与可控发布流程的最新要求。

v1.0.8

vipshop-user-login v1.0.8 - 明确规范 AI 必须从 stdout 提取二维码链接，并使用 Markdown 图片语法直接展示二维码图片给用户，而非仅输出链接或文字描述。 - 新增对 AI 智能体和 OpenClaw 场景下二维码展示流程的详细约束说明。 - 文档中补充二维码展示的多种方式和 stdout 格式要求，强调必须展示图片。 - 其他说明、工作流程及集成方式未变。

v1.0.7

vipshop-user-login v1.0.7 - 登录后脚本自动输出当前版本号，并检查是否有新版本。 - AI助手在登录成功后，需将脚本输出的当前版本号告知用户。 - 版本自动更新机制补充：若自动更新失败，AI需提示用户前往 GitHub 手动更新。 - 细化了“AI助手职责”描述，明确要求输出版本和异常处理指引。 - 其他文档无结构和功能变动。

v1.0.6

vipshop-user-login 1.0.6 - 登录后自动检测版本，如有新版本自动执行 `npx clawhub update vipshop-skills --force` 更新。 - 若自动更新失败，会提示用户手动执行更新命令。 - 版本检测和更新流程由脚本自动完成，无需 AI 助手干预。 - 其他功能和接口保持不变。

v1.0.5

vipshop-user-login 1.0.5 - 新增：登录成功后自动检测 skill 版本并在 tokens.json 中保存 version 字段。 - 新增：明确要求 AI 助手检查 tokens.json 的 version 并在版本有更新时主动提示用户执行 skill 更新命令（npx clawhub update vipshop-skills）。 - 文档补充：增加了版本检测与更新提示的说明和示例代码，强调 AI 助手责任。 - 其他功能和接口未变。

v1.0.4

Version 1.0.4 - No file changes detected in this release. - Behavior and features remain unchanged from the previous version. - Update includes only version metadata and does not impact functionality.

v1.0.3

vipshop-user-login 1.0.3 - 新增 scripts/logger.py 日志上报模块，用于问题排查。 - 更新 SKILL.md，补充目录结构说明，加入 logger.py 及日志说明。 - 文档补充：二维码初始化自动校验 qrToken 格式，格式错误时会自动重试或报错，提升健壮性。

v1.0.2

vipshop-user-login 1.0.2 Changelog - 明确规范：AI 必须先加载本 skill（use_skill）后，才可执行脚本或返回结果，不得绕过 skill 规范处理数据。 - 非阻塞扫码登录流程说明新增：如果二维码展示失败，提供二维码链接供用户点击查看。 - 文档细节补充，增强对 skill 调用顺序和合规要求的强调。 - 无代码变更，仅文档内容更新和规范完善。

v1.0.1

- SKILL.md description was expanded and clarified to specify trigger phrases and integration behavior. - Now explicitly states that the skill should be triggered on user intent or when other skills detect the user needs to log in. - Details on login workflow, usage, and integration remain unchanged. - No code changes; documentation update only.

v1.0.0

vipshop-user-login 1.0.0 - 首个发行版本，提供唯品会扫码登录的完整流程。 - 支持获取二维码、轮询扫码状态、自动保存登录Cookie。 - 提供命令行和Python API两种使用方式，兼容AI助手及自动化场景。 - 集成多种二维码展示方式，支持终端ASCII码及图片显示。 - 登录凭证统一保存在本地，方便其他技能和程序复用。

Metadata

Slug vipshop-user-login

Version 1.0.11

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 12

Frequently Asked Questions

What is 唯品会用户登录?

唯品会账号扫码登录技能。当用户说"登录唯品会"、"唯品会登录"、"扫码登录唯品会"、 "我要登录唯品会账号"，或其他技能检测到未登录需要引导登录时，应立即触发此技能。执行完整的二维码登录流程：获取二维码 → 展示给用户扫码 → 轮询确认 → 保存登录态到 ~/.vipshop-user-login/tokens... It is an AI Agent Skill for Claude Code / OpenClaw, with 285 downloads so far.

How do I install 唯品会用户登录?

Run "/install vipshop-user-login" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 唯品会用户登录 free?

Yes, 唯品会用户登录 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does 唯品会用户登录 support?

唯品会用户登录 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 唯品会用户登录?

It is built and maintained by vip (@viphgta); the current version is v1.0.11.

More Skills

What is 唯品会用户登录?

How do I install 唯品会用户登录?

Is 唯品会用户登录 free?

Which platforms does 唯品会用户登录 support?

Who created 唯品会用户登录?

💬 Comments