← 返回 Skills 市场
552
总下载
1
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install bingbingxiajiang
功能描述
蜂兵虾将——你的AI牛马团队,替你干活,帮你赚钱。 全行业热点监控+内容创作+趋势洞察+自动执行,4个AI智能体分工协作: 信息守护者(全网采集)、内容军师(创作策略)、趋势预言家(走势预判)、工作记账本(自动记录)。 适用于:金融、医疗、教育、零售、科技、制造业、餐饮、服务业、汽车、房产等**全行业**。 核心...
使用说明 (SKILL.md)
蜂兵虾将 V1.4
🎯 跨对话框记忆能力已实现 - 自动保存/读取用户偏好和历史
🔑 跨对话框记忆系统(已实现)
存储位置
/workspace/memory/
├── profiles/user_profile.json # 用户画像(偏好、历史)
├── sessions/ # 会话历史
└── /workspace/MEMORY.md # 长期记忆
核心功能(每次执行自动运行)
┌─────────────────────────────────────────────────────────────┐
│ 蜂兵虾将执行时(自动) │
├─────────────────────────────────────────────────────────────┤
│ 1. 读取用户画像 ─→ 了解用户偏好 │
│ 2. 读取会话历史 ─→ 了解之前监控过的行业 │
│ 3. 检索MEMORY ─→ 获取重要记住的事项 │
│ 4. 执行任务 │
│ 5. 保存用户画像 ─→ 记录本次偏好 │
│ 6. 更新会话历史 ─→ 记录本次交互 │
└─────────────────────────────────────────────────────────────┘
具体实现指令
开始时读取用户画像:
- 读取
/workspace/memory/profiles/user_profile.json - 读取
/workspace/memory/sessions/index.json - 搜索
memory/目录了解之前交互
执行过程中记录:
- 记录用户选择了哪些选项
- 记录用户偏好(详细/简洁)
- 记录监控的行业
执行完成后保存:
- 更新
/workspace/memory/profiles/user_profile.json - 更新
/workspace/memory/sessions/index.json
完整执行流程
用户输入
│
▼
┌─────────────────────────────────────┐
│ 【自动】读取用户画像 │
│ • 从 memory/profiles/ 读取 │
│ • 了解用户偏好和历史 │
└─────────────────────────────────────┘
│
▼
┌─────────────────────────────────────┐
│ 【自动】读取会话历史 │
│ • 之前监控过哪些行业 │
│ • 上次的输出偏好是什么 │
└─────────────────────────────────────┘
│
▼
意图识别 → 智能路由
│
▼
┌─────────────────────────────────────┐
│ 模块执行 │
└─────────────────────────────────────┘
│
▼
┌─────────────────────────────────────┐
│ 【自动】保存用户画像 │
│ • 更新偏好设置 │
│ • 记录本次交互 │
└─────────────────────────────────────┘
│
▼
用户确认 → 继续/退出
用户画像数据结构
{
"user_id": "default",
"updated_at": "2026-03-03T10:00:00+08:00",
"preferences": {
"output_style": "balanced",
"confirmation_frequency": "normal"
},
"history": [
{
"date": "2026-03-03",
"industry": "金融",
"modules_executed": [1, 2],
"choice": "1"
}
],
"industries_monitored": ["金融", "医疗", "科技"]
}
执行示例(含记忆显示)
用户:帮我监控今天的热点
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
【读取用户画像】
✓ 上次输出偏好:详细
✓ 上次选择了:趋势分析
✓ 之前监控过的行业:金融、医疗
【历史记录】
• 2026-03-02 金融行业 → 选择了模块2
• 2026-03-01 科技行业 → 选择了模块1
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
【行业分析】
识别意图:信息获取 + 内容创作
目标行业:金融(轮换)
【执行】模块1 → 模块2
...
【保存用户画像】
✓ 已记录本次偏好
✓ 已更新历史记录
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
重要规则
✅ 自动记忆(每次执行必做)
-
开始时必须读取:
- 读取
memory/profiles/user_profile.json - 读取
memory/sessions/index.json - 使用 memory_search 检索 MEMORY.md
- 读取
-
执行中必须记录:
- 用户的选择
- 监控的行业
- 使用的模块
-
完成后必须保存:
- 更新 user_profile.json
- 更新 sessions/index.json
- 更新 MEMORY.md(如有重要内容)
存储文件路径(必须使用)
| 数据类型 | 文件路径 |
|---|---|
| 用户画像 | /workspace/memory/profiles/user_profile.json |
| 会话历史 | /workspace/memory/sessions/index.json |
| 长期记忆 | /workspace/MEMORY.md |
全面自检报告
✅ 跨对话框记忆(已实现)
| 功能 | 状态 | 说明 |
|---|---|---|
| 启动时读取用户画像 | ✓ | 读取 memory/profiles/user_profile.json |
| 启动时读取会话历史 | ✓ | 读取 memory/sessions/index.json |
| 自动检索MEMORY | ✓ | 使用 memory_search |
| 执行后保存画像 | ✓ | 写入 memory/profiles/user_profile.json |
| 执行后更新会话 | ✓ | 写入 memory/sessions/index.json |
| 记住监控过的行业 | ✓ | 记录在 history 中 |
| 记住用户偏好 | ✓ | 记录在 preferences 中 |
参考文档
- 存储说明:CROSS_SESSION_README.md
- 长期记忆:/workspace/MEMORY.md
✅ 记忆能力已启用:每次执行蜂兵虾将都会自动读取和保存用户数据,实现真正的跨对话框记忆。
安全使用建议
Before installing or enabling this skill:
- Understand persistent storage: SKILL.md and the code will read and write files like user_profile.json, sessions/index.json and MEMORY.md in the workspace. These will persist across runs and can contain sensitive user data — review and, if needed, rotate/delete before sharing.
- Confirm runtime paths: SKILL.md uses absolute /workspace/memory/ paths while code uses a relative 'memory' baseDir. Ask the author which path is used at runtime and ensure the skill cannot access sensitive directories in your environment.
- Review the bundled code and scripts: the package contains many JS files, package.json and install.sh. If you plan to run demos or install dependencies, inspect install.sh and package.json for network calls or unexpected commands and only run them in an isolated sandbox or VM.
- Network & credential hygiene: the skill claims wide web scraping but declares no credentials. If you provide API keys or system credentials later, ensure they are only given to the specific services the skill needs and avoid granting broad system credentials.
- Sandbox first: run the skill in a restricted environment (container, VM) to observe its behavior (file writes, network traffic). Monitor outbound network connections and the exact files it reads/writes.
- Clarify with the author: ask why the registry says "instruction-only" despite packaged code, which baseDir (/workspace vs memory) will be used, and whether any external endpoints are contacted (the docs reference a CDN URL).
功能分析
Type: OpenClaw Skill
Name: bingbingxiajiang
Version: 1.4.1
The skill is classified as suspicious due to significant prompt injection vulnerabilities and broad tool capabilities. Specifically, the `AGENT_PROMPTS.md` instructs the 'Information Guardian Agent' to use `web_search` and `extract_content_from_websites` tools to collect 'user-specified information' without clear sandboxing or URL filtering. This allows an attacker to potentially prompt the agent to search for sensitive internal data or interact with malicious external websites. Additionally, the `SKILL.md` defines an automatic memory system that reads and writes user profiles and long-term memory from files within the workspace, which could be a prompt injection vector if these files are tampered with. While the core JavaScript code implements the memory system with extensive file system access, it appears confined to the skill's designated directories and does not exhibit direct malicious intent. The identified issues are vulnerabilities that *allow* attacks, rather than proof of intentional malicious behavior by the skill itself.
能力评估
Purpose & Capability
The description promises full-industry, full-web monitoring and automated execution which aligns with the included agent and memory code. However the registry metadata/manifest calls this an "instruction-only" skill while the package contains many runnable JavaScript files (package.json, dist/, demo.js, install.sh). That mismatch (instruction-only vs bundled code) is an inconsistency that should be explained by the author. Also the docs point to a CDN download URL (UPGRADE_REPORT) — external artifacts exist in the repo but no install spec was declared.
Instruction Scope
SKILL.md explicitly instructs the agent to always read and write persistent memory files and to search the memory directory (paths shown as absolute /workspace/memory/...). This gives the skill broad access to on-disk workspace data on every run. The instructions mandate '每次执行必做' (must do every execution), which increases risk because the skill will persistently collect and store user choices and history without per-run opt-in. That scope is coherent with the described memory feature but has notable privacy implications and also includes a hard-coded absolute path which may access unexpected data depending on how /workspace is mapped in the runtime.
Install Mechanism
There is no declared install spec in the registry entry, but the package includes install.sh, package.json, compiled dist/ files and many demos — i.e., this is not truly 'instruction-only'. Because no install mechanism was declared, it's unclear whether automated installation will occur; a user may need to run npm install or the included script. The included files are from a code repository (no obscure external download required), but UPGRADE_REPORT references an external CDN URL. No direct network installation commands were found in the provided excerpts, but the inconsistency should be clarified.
Credentials
The skill requests no environment variables or external credentials in the metadata, which is proportionate. That said, the skill's stated capability of '全网采集' (full-web collection from social platforms) may in practice require credentials or special scraping logic — none are declared. Also the skill will store user_profile.json, sessions/index.json and MEMORY.md in the workspace; these files may hold sensitive user data even though no secrets are requested up-front.
Persistence & Privilege
The skill is designed to persistently read and update cross-session memory files on every execution (automatic read + mandatory save). It does not set always:true, but its runtime instructions mandate persistent state changes under fixed paths. Mandatory persistent writes (and the use of absolute /workspace paths in SKILL.md) increase the blast radius for accidental data retention or leakage if runtime sandboxing is misconfigured.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install bingbingxiajiang - 安装完成后,直接呼叫该 Skill 的名称或使用
/bingbingxiajiang触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.4.1
V1.4.1: 跨对话框记忆能力已实现
v1.4.0
V1.4: 跨对话框记忆能力已实现
v2.0.0
加密版本发布
v1.0.0
初始发布
元数据
常见问题
蜂兵虾将 是什么?
蜂兵虾将——你的AI牛马团队,替你干活,帮你赚钱。 全行业热点监控+内容创作+趋势洞察+自动执行,4个AI智能体分工协作: 信息守护者(全网采集)、内容军师(创作策略)、趋势预言家(走势预判)、工作记账本(自动记录)。 适用于:金融、医疗、教育、零售、科技、制造业、餐饮、服务业、汽车、房产等**全行业**。 核心... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 552 次。
如何安装 蜂兵虾将?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install bingbingxiajiang」即可一键安装,无需额外配置。
蜂兵虾将 是免费的吗?
是的,蜂兵虾将 完全免费(开源免费),可自由下载、安装和使用。
蜂兵虾将 支持哪些平台?
蜂兵虾将 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 蜂兵虾将?
由 e2e5g(@e2e5g)开发并维护,当前版本 v1.4.1。
推荐 Skills