Description

ISP 开放平台接口测试 Agent。当用户需要对百望开放平台的 ISP 接口进行自动化测试、生成测试报告时使用此 Skill。整合了 isp-login-skill（认证）、queryDB-skill（数据准备）和 api-test-reporter（测试报告）。

README (SKILL.md)

\r \r

ISP API Tester - 开放平台接口测试\r

Name: isp-api-tester
Author: squidtestgary

\r

功能概述\r

\r 本 Skill 提供完整的百望 ISP 开放平台接口测试能力：\r

认证模块：自动获取 access_token 并为每条请求动态生成签名\r
数据准备：从数据库获取真实测试数据（queryDB-skill）\r
接口测试：批量执行测试用例，支持 v6.0 / v7.0 接口版本\r
报告生成：生成可视化的 HTML 测试报告（模板与数据分离，极速）\r \r ---\r \r

架构原则（重要）\r

\r

零脚本生成\r

\r Agent 不往项目目录生成、复制或重写任何脚本。 项目目录只放配置文件。\r \r | 职责 | 脚本位置 | 说明 |\r |------|---------|------|\r | ISP 专属测试执行器 | ~/.workbuddy/skills/isp-api-tester/scripts/run_isp_test.py | 内置动态签名 + 云端/本地返参兼容 |\r | ISP 认证 | ~/.workbuddy/skills/isp-login-skill/scripts/isp_auth.py | get_open_token + get_open_sign |\r | 数据库查询 | ~/.workbuddy/skills/queryDB-skill/scripts/db_query.py | DatabaseClient + TestCaseGenerator |\r | HTML 报告生成 | ~/.workbuddy/skills/api-test-reporter/scripts/generate_report.py | 被 isp-api-tester 跨 skill 引用 |\r \r

配置文件命名规则\r

\r

按接口名分开：test_config_{接口方法名}.json，例如：\r
- test_config_queryinvoicepool.json → baiwang.input.invoice.queryinvoicepool\r
- test_config_invoicepool_query.json → baiwang.input.invoicepool.query\r
- test_config_querymaininfo.json → baiwang.input.invoice.querymaininfo\r
跨会话复用：测试某个接口前，先查项目目录下是否已有对应配置文件，有则直接复用\r \r ---\r \r

执行命令\r

\r

# 标准执行（Windows PowerShell）\r
python $env:USERPROFILE\.workbuddy\skills\isp-api-tester\scripts\run_isp_test.py --config test_config_querymaininfo.json --output ./\r
\r
# 或使用绝对路径\r
python "C:\Users\PC\.workbuddy\skills\isp-api-tester\scripts\run_isp_test.py" --config test_config_queryinvoicepool.json --output ./\r
```\r
\r
执行完毕自动生成：\r
- `test_report_\x3Cmethod>_\x3Ctimestamp>.html`：可视化报告（双击打开）\r
- `test_results_\x3Cmethod>_\x3Ctimestamp>.json`：原始结果\r
- `__REPORT_DATA__.js`：报告数据文件（与 HTML 同目录）\r
\r
---\r
\r
## 配置文件格式（test_config_xxx.json）\r
\r
```json\r
{\r
  "meta": {\r
    "title": "发票主信息查询接口测试",\r
    "base_url": "http://opapi.test.51baiwang.com/router/rest",\r
    "method": "baiwang.input.invoice.querymaininfo",\r
    "version": "6.0",\r
    "timeout": 30,\r
    "isp_auth": {\r
      "appKey": "1000139",\r
      "appSecret": "1bccbe47-917e-4374-8fe9-85b44fecab84",\r
      "username": "cpy001",\r
      "password": "Aa123456.",\r
      "userSalt": "15258c22aa1349819e8cf20c0da04956"\r
    }\r
  },\r
  "fixed_params": {\r
    "taxNo": "91440606MA4WHN8C8X"\r
  },\r
  "test_cases": [\r
    {\r
      "id": "TC_001",\r
      "group": "票种覆盖-税控票",\r
      "name": "01-增值税专用发票",\r
      "desc": "税控票：invoiceCode + invoiceNumber 都必传",\r
      "body": {\r
        "invoiceCode": "044031900101",\r
        "invoiceNumber": "12345678"\r
      },\r
      "expect": {\r
        "success": true,\r
        "response.invoiceType": "01"\r
      }\r
    }\r
  ]\r
}\r
```\r
\r
### v7.0 接口配置差异\r
\r
v7.0 接口需要在 `meta` 中指定版本，并在 `body` 中传入额外公共参数：\r
\r
```json\r
{\r
  "meta": {\r
    "version": "7.0",\r
    "isp_auth": { ... }\r
  },\r
  "fixed_params": {\r
    "taxNo": "91440606MA4WHN8C8X",\r
    "encryptType": "AES",\r
    "encryptScope": "request"\r
  }\r
}\r
```\r
\r
`encryptType` / `encryptScope` 在 v7.0 中既是 body 字段，也会被自动提取到 URL query 参数并参与签名。\r
\r
---\r
\r
## 发票类型入参规则（重要）\r
\r
### 三类发票的字段差异\r
\r
| 发票大类 | 票种代码 | invoiceCode | invoiceNumber | 备注 |\r
|---------|---------|:-----------:|:-------------:|------|\r
| **数电票** | 31/32/51/59/61/83/84 | ❌ **不传** | ✅ 20位数电号码 | 传空串会触发704 |\r
| **税控票** | 01/03/04/08/10/11/14/15 | ✅ 必传 | ✅ 必传 | 传统税控票 |\r
| **数电纸票** | 85/86/87/88 | ✅ 必传 | ✅ 必传 | 同时有数电号码 |\r
\r
**关键**：数电票（31/32/51/59/61/83/84）查询时，`invoiceCode` 字段**完全不传**（连空字符串都不行，传 `""` 会报704参数为空）。\r
\r
### DB 字段映射\r
\r
| 票种 | invoiceNumber 来源 | invoiceCode 来源 |\r
|------|-----------------|----------------|\r
| 数电票 | `E_INV_NUM`（20位数电号码） | 无此字段 |\r
| 税控票 | `INV_NUM` | `INV_KIND`（发票代码） |\r
| 数电纸票 | `INV_NUM` | `INV_KIND` |\r
\r
---\r
\r
## 响应校验规则（不可改动）\r
\r
1. **`success=true`** → 自动校验 `invoiceList`/`response`/`model` 非空\r
2. **`success=false`** → 不校验列表\r
3. **不校验 HTTP 状态码**（用户明确要求）\r
\r
### `expect` 支持的字段\r
\r
| 字段 | 类型 | 说明 |\r
|------|------|------|\r
| `success` | bool | 校验响应体 success 字段 |\r
| `response.{field}` | any | 校验 response 节点下的字段值 |\r
| `model.{field}` | any | 校验 model 节点下的字段值 |\r
| `has_response` | bool | 期望 response/model 字段存在 |\r
| `check_page_data` | bool | 期望返回列表/分页数据 |\r
\r
**不使用 `http_status`、`success_allow_any`、`check_invoice_list_not_empty` 等自定义字段。**\r
\r
---\r
\r
## 测试环境信息\r
\r
| 参数 | 值 |\r
|------|---|\r
| 接口地址 | `http://opapi.test.51baiwang.com/router/rest` |\r
| appKey | `1000139` |\r
| username | `cpy001` |\r
| password | `Aa123456.` |\r
| userSalt | `15258c22aa1349819e8cf20c0da04956` |\r
| appSecret | `1bccbe47-917e-4374-8fe9-85b44fecab84` |\r
| 购方税号 | `91440606MA4WHN8C8X` |\r
| 数据库 | `10.115.96.247:3306/jxindependent0`，user: `jxindependent` |\r
\r
---\r
\r
## 用例设计原则\r
\r
1. **正向用例的入参必须来自数据库真实数据**，确保接口能查到对应记录\r
2. 数电票用例**不传 invoiceCode 字段**（不是传空串，是完全不传）\r
3. 正向用例期望 `"success": true`，异常用例期望 `"success": false`\r
4. 时间范围参数用近期日期（近3个月），避免数据量超500\r
5. 数据量可能超500的查询必须加 `pageNum`\r
\r
---\r
\r
## 依赖\r
\r
```bash\r
pip install requests pymysql\r
```\r

Usage Guidance

This skill appears to do what it claims (API testing), but review and control sensitive configs before running. Specific recommendations: - Do not run the included script with the example configs as-is — they contain exposed test credentials and a DB host. Replace them with credentials you trust or dummy values when experimenting. - Run the tool in an isolated environment (virtualenv/container) and inspect test_config_xxx.json before use. - Audit any real API base_url and DB connection values you provide; avoid pointing the tool at production systems unless you intend to test them. - If you do not trust the source, do not execute the Python script with live credentials; read the script to understand exactly what it sends and logs (it performs network requests and database queries). - Install dependencies (requests, pymysql) in an isolated interpreter and consider running through a code review or sandbox before use. If you want higher confidence about safety, provide provenance information (who published the skill), or ask the publisher to remove embedded credentials from documentation.

Capability Tags

requires-oauth-token

Capability Assessment

ℹ Purpose & Capability

Name/description (ISP API tester) align with included script behavior: obtaining tokens, signing requests, loading DB fixtures, executing API calls and producing reports. The skill claims to reuse helper scripts from other skills (isp-login-skill, queryDB-skill, api-test-reporter) by referencing paths under ~/.workbuddy; this is plausible but creates an implicit dependency on other skills' scripts being present.

⚠ Instruction Scope

SKILL.md instructs running the provided script which will connect to the specified API endpoint and (optionally) to a database per the config. The README contains concrete test credentials, an internal DB host, and example secrets (appSecret/password/userSalt). Running the script with those configs will transmit those credentials to remote endpoints and connect to the database. The instructions also tell the agent to read config files from the project directory—those configs may contain secrets and will be reused across sessions. This broad network and DB access is within testing scope but elevates risk and privacy concerns.

ℹ Install Mechanism

No install spec is provided (instruction-only install), so nothing will be fetched or written automatically by an installer. SKILL.md recommends pip installing 'requests' and 'pymysql' which is proportionate to the Python script's needs. Because there's no install step, the main runtime risk comes from executing the included Python script.

⚠ Credentials

The skill declares no required environment variables or primary credential, which is consistent; however the SKILL.md and example config embed real-looking appKey/appSecret/username/password/userSalt and a DB host and DB credentials. These are sensitive and unnecessary for evaluating the skill itself — embedding them in documentation increases risk of accidental reuse or credential leakage. The script also accepts arbitrary DB and API endpoints via config, so it can be pointed at unrelated systems if misconfigured.

✓ Persistence & Privilege

always:false and no install routine; the skill does not request permanent platform-level privileges and does not modify other skills' configurations. It reads configuration files from the project directory and writes output reports to the specified output directory, which is expected behavior for a test tool.

Version History

v1.0.0

给定接口文档和被测环境信息，支持云地环境，查询环境数据库和知识库，自动化映射接口入参并生成测试用例，并执行测试，对失败用例进行自动修复，直到测试用例执行通过；主skill作为入口，根据具体任务调度对应的skill完成具体任务；主skill：isp-api-tester 执行器：isp-login-skill、queryDB-skill、query-rag-skill、api-test-reporter

Metadata

Slug isp-api-tester

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is isp-api-tester?

ISP 开放平台接口测试 Agent。当用户需要对百望开放平台的 ISP 接口进行自动化测试、生成测试报告时使用此 Skill。整合了 isp-login-skill（认证）、queryDB-skill（数据准备）和 api-test-reporter（测试报告）。 It is an AI Agent Skill for Claude Code / OpenClaw, with 74 downloads so far.

How do I install isp-api-tester?

Run "/install isp-api-tester" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is isp-api-tester free?

Yes, isp-api-tester is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does isp-api-tester support?

isp-api-tester is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created isp-api-tester?

It is built and maintained by squidtestgary (@squidtestgary); the current version is v1.0.0.

More Skills

isp-api-tester