← 返回 Skills 市场
asiasea-bi
作者
zhahngyongchao
· GitHub ↗
· v1.0.3
· MIT-0
308
总下载
0
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install asiasea-bi
功能描述
飞书集成智能数据网关,支持企业异构系统动态映射与切换、基于自然语言时间语义推导的真实 API 数据穿透与可视化快照固化发布。
使用说明 (SKILL.md)
🌌 金灯塔智能 BI Skill (Cognitive Data Agent)
描述
本 skill 是金灯塔数据中枢的 OpenClaw 认知代理适配版本。依托动态元数据路由机制,允许用户通过自然语言精确穿透企业各类异构微服务架构,实时提取核心业务度量快照,并将多维数据流一键投影并发布为可视化研报。(异步定时调度路由由 OpenClaw 平台原生编排引擎接管)
代码仓库: asiasea-ai/bi
可用交互协议流
- 安全握手与鉴权:
初始化 - 域感知与上下文注入:
切换系统 [目标业务域](如:切换系统 核心业务节点A) - 高阶语义数据查询 (强制收敛时间边界):
查询本月的[核心业务指标]提取上一时间周期的[度量矩阵数据]及趋势演进
- 拓扑快照固化发布:
把刚才的数据快照发布到系统
架构安全声明
完全兼容 OpenClaw 的 handle 同步函数规范。底层映射真实零信任鉴权接口与业务元数据网络,具备启发式意图时间推导引擎,100% 拒绝数据幻觉与异常兜底伪装。系统生成的纯静态 DOM 快照严格落实凭证隔离,确保核心物理数据的绝对安全。
安全使用建议
This skill claims strict credential isolation but the code embeds API headers/tokens (base64) inside HTML reports and uploads them to a remote archive endpoint — that can leak credentials if the uploaded snapshot is accessible. Before installing: 1) refuse to run in production until generate_html is changed to never include raw headers/tokens in client-visible artifacts; instead use server-side artifact generation or remove headers entirely. 2) Confirm the remote endpoints (o.yayuit.cn, e.asagroup.cn) are owned/trusted by your organization and acceptable for uploading sensitive reports. 3) Review and protect the .session_*.json files (they may contain tokens); ensure they are encrypted or stored in a secure path, and verify retention/cleanup behavior. 4) Resolve the README/LICENSE contradiction about public repo access and confirm licensing. 5) Consider a security review or require the vendor to provide a version that strips secrets from snapshots and documents exact data flows. If you cannot validate these, label the skill untrusted for sensitive data.
功能分析
Type: OpenClaw Skill
Name: asa-bi
Version: 1.0.3
The skill functions as a BI data gateway but exhibits high-risk credential handling and data exposure patterns. In `main.py`, the `generate_html_report` function embeds sensitive authentication headers and API tokens (obfuscated only by Base64) directly into HTML files, which are then uploaded to a remote endpoint (`o.yayuit.cn`) for public/semi-public preview. While aligned with the stated purpose of generating visual reports, this practice constitutes a significant security vulnerability. The skill also stores session tokens in local JSON files and communicates with external domains `o.yayuit.cn` and `e.asagroup.cn` to retrieve corporate financial data (budgets and expenses).
能力评估
Purpose & Capability
Name/description: BI / Feishu integration. Implementation: Python code calls asiagroup/yayuit endpoints to list systems, obtain system tokens, upload/publish HTML reports. Expected: a Feishu-integrated skill would normally show explicit Feishu API usage or require Feishu credentials; this code does not. The repo/README/license claim private proprietary usage while SKILL.md instructs cloning via public [email protected]; small metadata version mismatch (manifest lists 1.0.4 while registry metadata shows 1.0.3).
Instruction Scope
SKILL.md instructs cloning/deploying and runtime ‘初始化’/‘切换系统’ flows. The runtime instructions claim strict credential isolation, but main.py's generate_html function embeds a base64-encoded payload that includes API URL and headers (headers_dict) into the generated HTML and then the skill uploads that HTML to an OSS endpoint — this directly contradicts the '凭证隔离' claim and risks leaking tokens via uploaded snapshots.
Install Mechanism
No install spec; code is bundled in the skill (main.py). No external arbitrary downloads or extract operations. Uses the Python requests library (standard for network interaction).
Credentials
Skill declares no required env vars or credentials, but it obtains system tokens from remote APIs and stores per-user session files under the skill directory. It then includes headers/tokens in generated HTML (base64) which is uploaded — this is disproportionate to the 'do not expose credentials' guarantees and increases risk of secret leakage. The LICENSE forbids publishing the software to public repos, but the README suggests cloning from GitHub — a policy/usage inconsistency.
Persistence & Privilege
always:false (normal). The skill writes per-user session files (.session_<id>.json) into the skill directory (BASE_DIR). Writing session state to disk is expected for multi-session logic, but these files may contain system_auth_headers and should be treated as sensitive; the skill also persists generated reports to OSS via upload endpoint.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install asiasea-bi - 安装完成后,直接呼叫该 Skill 的名称或使用
/asiasea-bi触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
No user-facing changes in this version.
- No file changes detected; documentation and functionality remain unchanged.
v1.0.2
- Skill名称变更为“asiasea-bi”,并更新了仓库地址为“asiasea-ai/bi”。
- description大幅升级,明确说明支持飞书集成、异构系统动态映射、自然语言时间语义推导及可视化快照发布。
- 丰富了triggers列表,新增了“系统列表”、“报表”、“数据看板”、“BI”、“统计”、“趋势”、“度量”、“查询”、“发布”等多项调用词。
- 保持功能与核心交互描述不变,完善场景与调用入口定义。
v1.0.1
- Renamed the skill from 金灯塔BI to ccc-bi.
- Updated the description to focus on cognitive BI agent capabilities and dynamic metadata routing.
- Revised and expanded the example user interactions, emphasizing semantic data queries and advanced snapshot publishing.
- Clarified architecture security with zero-trust principles and isolated static DOM snapshot enforcement.
- Adjusted repository reference to the new namespace.
v1.0.0
金灯塔BI 1.0.0 首次发布
- 推出多系统(E网、供应链)切换及自然语言报表检索
- 支持基于真实 API 的精确报销单与部门周期预算查询,需带时间范围
- 一键发布查询结果,直连业务系统
- 兼容 OpenClaw 平台,同步调度、自动时间变量推导
- 明确拒绝假数据与兜底伪装,保障数据安全准确
元数据
常见问题
asiasea-bi 是什么?
飞书集成智能数据网关,支持企业异构系统动态映射与切换、基于自然语言时间语义推导的真实 API 数据穿透与可视化快照固化发布。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 308 次。
如何安装 asiasea-bi?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install asiasea-bi」即可一键安装,无需额外配置。
asiasea-bi 是免费的吗?
是的,asiasea-bi 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
asiasea-bi 支持哪些平台?
asiasea-bi 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 asiasea-bi?
由 zhahngyongchao(@asazhangyongchao)开发并维护,当前版本 v1.0.3。
推荐 Skills