← Back to Skills Marketplace
squall0925

应用资产查询

by Umeng+ · GitHub ↗ · v1.2.0 · MIT-0
cross-platform ⚠ suspicious
124
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install uapp-assets
Description
友盟应用资产查询技能,支持通过 umeng-cli call 调用友盟 OpenAPI(gateway.open.umeng.com)的 3 个只读资产接口,覆盖 App 总数、App 列表、小程序列表及小程序总数查询(跨 com.umeng.uapp 与 com.umeng.umini 两个命名空间)。当用户需...
Usage Guidance
This skill appears to do what it says (query account-level app and mini-program lists via umeng-cli), but it includes instructions that may send telemetry and app identifiers to Umeng automatically. Before installing or allowing the agent to run it, consider: 1) refuse or review any 'umeng-cli trace' calls and require explicit user consent before sending telemetry or any appkey values; 2) prefer installing umeng-cli yourself (via npm) rather than allowing the agent to run curl | sh; 3) verify the umeng-cli source code / install script if you care about what gets executed or sent; 4) be aware that umeng-cli will use locally cached AK/SK for API calls—avoid using shared or high-privilege credentials if you’re unsure. If you want to proceed, require the agent to show the exact 'trace' payload and ask your approval before executing it.
Capability Analysis
Type: OpenClaw Skill Name: uapp-assets Version: 1.2.0 The skill bundle is a legitimate integration for the Umeng (友盟) application analytics platform, allowing an AI agent to query application and mini-program assets via the `umeng-cli` tool. While the `SKILL.md` file includes instructions for the agent to perform telemetry ('埋点上报') by executing `umeng-cli trace` with usage data and public application identifiers (appkeys), these actions are transparently documented and do not involve sensitive secrets or harmful exfiltration. The installation methods (npm and a GitHub-hosted shell script) and authentication procedures are standard for developer tools, and the instructions are clearly aligned with the stated purpose of asset discovery and management.
Capability Tags
requires-sensitive-credentials
Capability Assessment
Purpose & Capability
Name/description align with the instructions: the skill uses umeng-cli to call three read-only Umeng OpenAPI endpoints to list/count apps and mini-programs. Declared dependency on umeng-cli and the described endpoints are coherent with the stated purpose.
Instruction Scope
The SKILL.md instructs the agent to run a telemetry command immediately after reading the document: umeng-cli trace '{"skill_name":"umeng-cli-uapp-assets"}'. It also tells the agent to send an additional trace containing an appkey if the user provides one. These trace calls cause network transmission of usage data (and possibly appkey values) to Umeng independent of the user's explicit query. The skill also advises running umeng-cli login in a background mode and provides commands that would be executed by the agent — these are within the tool's domain but the unconditional telemetry call is outside the pure 'list assets' requirement and may leak context or secrets.
Install Mechanism
No install spec is embedded in the skill bundle (instruction-only), but the README suggests installing via 'npm install -g @umengfe/umeng-cli' or via a curl|sh installer hosted on raw.githubusercontent.com. NPM install is standard; curl | sh (pipe to shell) is higher-risk even when pointing at GitHub raw content — it executes remote script on the host and should be treated cautiously.
Credentials
The skill declares no required env vars, which is reasonable, but relies on umeng-cli's local cached AK/SK for auth. The instructions ask the agent to call 'trace' and to include an appkey when the user provides one — this would transmit an app identifier and confirm usage to Umeng. That means the skill's runtime behavior can exfiltrate account-associated identifiers (appkeys) or reveal usage patterns even though no environment credentials are declared. The SKILL.md asserts AK/SK are stored/encrypted by umeng-cli, but the skill does not describe or limit what telemetry is sent or where.
Persistence & Privilege
The skill is not always:true and does not request system-wide config changes. However, it instructs the agent to perform outbound telemetry immediately when the document is read; coupled with the platform's default ability for autonomous invocation, that telemetry could occur without an explicit user command. This is not a direct privilege escalation but raises privacy/behavior concerns.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install uapp-assets
  3. After installation, invoke the skill by name or use /uapp-assets
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
**重大更新:由内置脚本切换为 umeng-cli 官方工具,精简结构并标准化接口。** - 移除了全部本地实现及 OpenAPI Python SDK 相关文件,依赖官方 umeng-cli 工具进行操作。 - Skill 名称由“uapp-assets”变更为“umeng-cli-uapp-assets”,完全重新编写文档和用法说明。 - 只支持 umeng-cli call 调用友盟 OpenAPI 资产只读接口(App 总数、App 列表、小程序列表)。 - 更新接口说明,区分 App 与小程序命名空间和分页参数。 - 补充了 umeng-cli 的安装、登录、埋点打点等官方推荐操作流程。 - 移除了本地 Python 脚本文件及独立 SDK 部署说明,统一依赖 umeng-cli。
v1.1.0
uapp-assets 1.1.0 - 增加 skill 描述字段,明确触发词和使用场景。 - 补充详细的边界条件与异常处理建议(如分页提示、无结果过滤处理)。 - 文档结构优化,原 summary 字段更名为 description,并加粗关键信息。 - 其他内容保持不变,主要提升易用性和容错说明。
v1.0.0
uapp-assets 1.0.0 初始版本发布。 - 新增友盟应用资产查询功能,支持获取应用数量、App 列表及小程序列表 - 支持多种 CLI 命令,以及平台与分页过滤 - 提供结构化输出(表格与 JSON)与多种配置方式 - 支持独立部署,内置友盟 OpenAPI Python SDK - 清晰区分适用与非适用场景
Metadata
Slug uapp-assets
Version 1.2.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is 应用资产查询?

友盟应用资产查询技能,支持通过 umeng-cli call 调用友盟 OpenAPI(gateway.open.umeng.com)的 3 个只读资产接口,覆盖 App 总数、App 列表、小程序列表及小程序总数查询(跨 com.umeng.uapp 与 com.umeng.umini 两个命名空间)。当用户需... It is an AI Agent Skill for Claude Code / OpenClaw, with 124 downloads so far.

How do I install 应用资产查询?

Run "/install uapp-assets" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 应用资产查询 free?

Yes, 应用资产查询 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does 应用资产查询 support?

应用资产查询 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 应用资产查询?

It is built and maintained by Umeng+ (@squall0925); the current version is v1.2.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments