← Back to Skills Marketplace
Yunshang Aifei Cli Share
by
wanxin0911
· GitHub ↗
· v1.0.0
· MIT-0
147
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install yunshang-aifei-cli-share
Description
API client for Yunshang Aifei OA system enabling query and write operations on tasks, projects, users, and reports via encrypted REST calls without browser d...
Usage Guidance
This skill is a legitimate-looking API client for an internal OA system, but before installing consider the following:
- The code expects AIFEI_USERNAME and AIFEI_PASSWORD in a .env file — the registry metadata did not declare these, so you must provide credentials for it to work. Keep the .env private.
- For captcha solving the module will try to find a DASHSCOPE_API_KEY. If you do not set DASHSCOPE_API_KEY in .env, the module will scan your OpenClaw config (~/.openclaw/openclaw.json and a sibling path) and use any found provider apiKey to call DashScope. If you do not want this skill to access other tool credentials, remove that logic or ensure OpenClaw config does not contain reusable secrets.
- The captcha solver sends base64 image data to an external model endpoint using the discovered API key. That is functional for automation but means an external service will process captcha images; confirm you are comfortable with that data flow and that the API key’s provider is trusted.
- The client caches tokens in files inside the skill workspace. If multiple users share the workspace, tokens could be reused; secure the workspace directory.
If you want to proceed but reduce risk:
- Provide DASHSCOPE_API_KEY explicitly in .env tied to a limited-scope account, or disable/replace the captcha solver with a local/manual step.
- Inspect and, if necessary, remove the code paths that read OpenClaw configuration before running.
- Run the tool only on the intended internal network (the API endpoints are internal IPs) and review the generated .token-*.json files after use.
Given the mismatches and the skill reading other config files for API keys, treat this as suspicious until you confirm or restrict the credential-access behavior.
Capability Analysis
Type: OpenClaw Skill
Name: yunshang-aifei-cli-share
Version: 1.0.0
The skill bundle provides a comprehensive CLI for the '云上艾飞' OA system, allowing an AI agent to perform tasks such as querying project lists, managing todos, and handling expense reports. It features a robust API client in `aifei_api.py` that implements SM4 encryption and a captcha solver in `modules/captcha_solver.py` that leverages Alibaba's DashScope API. While the captcha solver reads the OpenClaw global configuration file (`openclaw.json`) to find API keys and uses a constrained `eval()` for arithmetic verification, these behaviors are clearly aligned with the stated purpose of providing a seamless, zero-configuration experience for the user. No evidence of data exfiltration, malicious execution, or prompt injection was found.
Capability Assessment
Purpose & Capability
The name/description match the implementation: a Python client for the Yunshang Aifei OA API (SM4 encryption, login, query/write endpoints). However the registry metadata lists no required environment variables or credentials while the code and README clearly require AIFEI_USERNAME and AIFEI_PASSWORD in a .env file (and optionally DASHSCOPE_API_KEY). This mismatch between declared requirements and actual code is noteworthy.
Instruction Scope
SKILL.md and the code instruct runtime behavior that goes beyond a simple HTTP client: the login flow uses an automated captcha solver which encodes/POSTs the base64 captcha image to an external /chat/completions endpoint (DashScope). The captcha module will also search local OpenClaw config files for API keys. The skill will read .env, read user config paths (~/.openclaw/openclaw.json and another path), and send image data + a discovered API key to an external model endpoint. These actions access and transmit potentially sensitive data (captcha images and API keys) outside the immediate OA service.
Install Mechanism
There is no install spec; this is an instruction/code-only skill. Dependencies are standard Python packages (gmssl, requests, python-dotenv). Nothing is downloaded from arbitrary URLs or written by an installer beyond normal pip installs mentioned in README.
Credentials
The code requires AIFEI_USERNAME and AIFEI_PASSWORD (read from .env) but the skill metadata declared no required env vars. More importantly, the captcha solver will attempt to auto-locate a DASHSCOPE_API_KEY by reading environment variables or by scanning OpenClaw configuration files for provider apiKey values. That means the skill reads other tools' configuration and may reuse those API keys to call an external service. This is broader credential access than a straightforward OA API client needs and should be considered sensitive.
Persistence & Privilege
The skill is not always:true and is user-invocable. It writes token cache files (.token-prod.json/.token-test.json) into the skill workspace and sets cookies in its requests.Session — normal for a client. It does not modify other skills or system-wide agent settings, but it does read other software's config files (OpenClaw), which is a form of cross-tool credential access worth noting.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install yunshang-aifei-cli-share - After installation, invoke the skill by name or use
/yunshang-aifei-cli-share - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of yunshang-aifei-cli-share:
- Provides a pure API CLI client for 云上艾飞 OA, supporting query and write operations without browser dependencies.
- Includes ready-to-use CLI commands for tasks, user info, and project management, supporting both production and test environments.
- Offers Python API usage examples with authentication, SM4 encryption, and token management.
- Documents all verified API endpoints and details on request/response formats, key fields, and environment differences.
- Implements token caching and proper login handling; important integration tips and common pitfalls are noted.
- Lists common personnel and project IDs, and details technical architecture and required dependencies.
Metadata
Frequently Asked Questions
What is Yunshang Aifei Cli Share?
API client for Yunshang Aifei OA system enabling query and write operations on tasks, projects, users, and reports via encrypted REST calls without browser d... It is an AI Agent Skill for Claude Code / OpenClaw, with 147 downloads so far.
How do I install Yunshang Aifei Cli Share?
Run "/install yunshang-aifei-cli-share" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Yunshang Aifei Cli Share free?
Yes, Yunshang Aifei Cli Share is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Yunshang Aifei Cli Share support?
Yunshang Aifei Cli Share is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Yunshang Aifei Cli Share?
It is built and maintained by wanxin0911 (@wanxin0911); the current version is v1.0.0.
More Skills