← Back to Skills Marketplace
mosquitood

跨境卫士客户端

by mosquitood · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
79
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install kuajingvs
Description
Use this skill when the user wants to call, test, debug, or integrate the 跨境卫士客户端 API defined by the bundled OpenAPI specification. Handles endpoint discover...
README (SKILL.md)

\r \r

跨境卫士客户端\r

\r Use this skill when the task involves interacting with the 跨境卫士客户端 API, including:\r \r

  • understanding available endpoints\r
  • generating curl commands\r
  • filling path, query, header, and body parameters\r
  • handling authentication\r
  • testing API requests\r
  • debugging request and response failures\r
  • translating user intent into concrete API calls\r \r

Bundled references\r

\r Before making assumptions about endpoints, request bodies, or response schemas, read the bundled OpenAPI specification from one of the following files:\r \r

  • references/openapi.yaml\r
  • references/openapi.json\r \r If present, also read:\r \r
  • references/auth.md\r \r Do not invent endpoints, fields, enum values, request formats, or response shapes that are not defined by the bundled specification or auth notes.\r \r

Workflow\r

\r

  1. Read the OpenAPI spec and identify the correct path and HTTP method.\r
  2. Determine:\r
    • base URL or server\r
    • authentication scheme\r
    • required headers\r
    • path parameters\r
    • query parameters\r
    • request body schema\r
    • expected response schema\r
  3. Translate the user's goal into a concrete API call.\r
  4. Prefer showing the exact curl command before or alongside execution when that improves transparency.\r
  5. Use safe shell quoting when constructing commands.\r
  6. Never expose secrets in full.\r
  7. Summarize the result clearly, including the HTTP status code and important response fields.\r \r

Authentication rules\r

\r

  • First inspect the OpenAPI spec for the declared security scheme.\r
  • If references/auth.md exists, follow it as the source of truth for authentication details not fully expressed in the OpenAPI document.\r
  • If credentials are already available in environment variables or local config, use them.\r
  • Never print secret values in full.\r
  • If a token or key must be shown for debugging, redact the middle portion.\r \r Common environment variable patterns to check:\r \r
  • BASE_URL\r
  • API_APP_ID\r
  • API_APP_SECRET\r
  • X_APP_ID\r
  • X_APP_SECRET\r
  • API_KEY\r
  • ACCESS_TOKEN\r
  • BEARER_TOKEN\r \r If the local auth notes define different names, follow those instead.\r \r

Request construction rules\r

\r

Path parameters\r

\r Always substitute all required path parameters.\r \r

Query parameters\r

\r Only include query parameters that are relevant or explicitly requested. Do not send null or empty values unless the API expects them.\r \r

Request body\r

\r Build JSON request bodies that conform to the schema in the OpenAPI specification. If the schema has required fields, ensure they are present before sending the request.\r \r

Headers\r

\r Always include:\r \r

  • Accept: application/json\r \r Include:\r \r
  • Content-Type: application/json\r \r when sending JSON request bodies.\r \r If the API uses custom authentication headers such as x-app-id and x-app-secret, include them on every authenticated request.\r \r

Execution pattern\r

\r Prefer this style for JSON requests:\r \r

curl -sS \\r
  -X POST "$BASE_URL/example/path" \\r
  -H "Accept: application/json" \\r
  -H "Content-Type: application/json" \\r
  --data '{...}'
Usage Guidance
This skill appears to be a straightforward OpenAPI-based API client, but it contains plaintext API credentials in references/auth.md. Before installing: (1) Treat those embedded x-app-id/x-app-secret values as sensitive — verify whether they are just examples or real keys; if real, do not use them for production and rotate/remove them. (2) Confirm the server/base URL is correct (the OpenAPI uses a 127.0.0.1 placeholder). (3) Be aware the SKILL.md tells the agent to check environment variables and local config for credentials — if you install, avoid exposing production secrets in the environment or remove them from the agent's runtime. (4) If you don't trust the embedded credentials, request a version of the skill with auth samples redacted or with instructions to read credentials only from clearly named, user-provided env vars. If you need additional assurance, ask the maintainer whether the credentials are samples and request their removal.
Capability Analysis
Type: OpenClaw Skill Name: kuajingvs Version: 1.0.0 The skill is designed to facilitate interaction with the local API of the '跨境卫士' (Cross-border Guardian) client, a legitimate tool used by e-commerce sellers for account isolation. It provides an OpenAPI specification (`references/openapi.yaml`) and authentication guidelines (`references/auth.md`) to manage shop instances and retrieve Selenium connection details. The instructions in `SKILL.md` are well-structured for API interaction, and no indicators of data exfiltration, malicious execution, or prompt injection were found.
Capability Tags
requires-sensitive-credentials
Capability Assessment
Purpose & Capability
Name/description, the bundled OpenAPI, and the requested binaries (curl, python3) align: this is an instruction-only API client for the provided OpenAPI spec and curl-based testing.
Instruction Scope
SKILL.md stays mostly on-task (read the OpenAPI, construct requests, prefer showing curl, redact secrets). It does instruct the agent to check environment variables and 'local config' for credentials and lists common env var names to try; that is reasonable for an API client but gives the agent discretion to inspect environment variables beyond the skill's own files.
Install Mechanism
No install spec and no code files — instruction-only — so nothing is written to disk by the skill itself. This is the lowest-risk install profile.
Credentials
The bundled references/auth.md includes plaintext x-app-id and x-app-secret values. That is unexpected given SKILL.md's rule 'Never expose secrets in full.' Embedding usable credentials in the skill files can cause accidental use or disclosure. The skill does not request unrelated cloud/provider credentials, but the presence of embedded secrets is disproportionate and risky if those keys are real or have any privileges.
Persistence & Privilege
always is false and there is no mechanism to persist or alter other skills or system-wide settings. The skill can be invoked autonomously by the agent (default), which is normal; this is not combined with elevated privileges here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install kuajingvs
  3. After installation, invoke the skill by name or use /kuajingvs
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of 跨境卫士客户端 skill. - Provides integration and interaction with 跨境卫士客户端 API using OpenAPI specification. - Automates endpoint discovery, request construction, authentication handling, and parameter validation. - Generates curl commands for transparency and debugging. - Interprets API responses and summarizes key results. - Follows provided OpenAPI and authentication documentation for accurate request formatting and secure handling of secrets.
Metadata
Slug kuajingvs
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is 跨境卫士客户端?

Use this skill when the user wants to call, test, debug, or integrate the 跨境卫士客户端 API defined by the bundled OpenAPI specification. Handles endpoint discover... It is an AI Agent Skill for Claude Code / OpenClaw, with 79 downloads so far.

How do I install 跨境卫士客户端?

Run "/install kuajingvs" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 跨境卫士客户端 free?

Yes, 跨境卫士客户端 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does 跨境卫士客户端 support?

跨境卫士客户端 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 跨境卫士客户端?

It is built and maintained by mosquitood (@mosquitood); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments