功能描述

Guide users to configure local Chanjing credentials safely via local commands only, and validate local token status when needed.

使用说明 (SKILL.md)

Chanjing Credentials Guard

Name: Chanjing Credentials Guard
Author: binkes

功能说明

仅通过本地命令引导用户配置/校验蝉镜 AK/SK 与 Token，打开登录页；不在对话中索取密钥。可配合其它 Chanjing 技能使用。

运行依赖

python3 与 scripts/chanjing_config.py、scripts/open_login_page.py、scripts/chanjing_get_token.py 等

环境变量与机器可读声明

环境变量键名与说明：manifest.yaml（environment 段）及本文
变量、写盘路径与权限：manifest.yaml

使用命令

ClawHub（slug 以注册表为准）：clawhub run chanjing-credentials-guard
本仓库：python skills/chanjing-credentials-guard/scripts/chanjing_config.py --status

When to Run

When user asks to configure/get Chanjing keys (AK/SK): use this skill to guide local setup.
When credentials are missing/invalid before a Chanjing API call: use this skill to recover local config.

This skill is a local credential guide, not a cross-skill runtime dependency.

Execution Flow

1. Check if local AK/SK exists
   └─ No  → Run open_login_page.py (open login in browser) → Ask user to run local config command
   └─ Yes → Continue

2. Check if local Token exists and is not expired
   └─ No  → Call API to request/refresh Token → Save
   └─ Yes → Continue

3. Prompt user to continue target action

Credential Storage (AK/SK read from config file)

AK/SK and Token are read from the same config file. Path and format follow the script scripts/chanjing_config.py in this skill.

Path: ~/.chanjing/credentials.json（目录由 CHANJING_OPENAPI_CREDENTIALS_DIR 覆盖，兼容 CHANJING_CONFIG_DIR）
Format:

{
  "app_id": "Your Access Key",
  "secret_key": "Your Secret Key",
  "access_token": "Optional, auto-generated",
  "expire_in": 1721289220
}

expire_in is a Unix timestamp. Token is valid for about 24 hours; refresh 5 minutes before expiry.

When AK/SK Is Missing

When local app_id or secret_key is missing:

Open login page: Run the open_login_page.py script to open the Chanjing sign-in page in the default browser (https://www.chanjing.cc/openapi/login).
Require local setup command after the user obtains keys:
- Show command only; user runs it locally in terminal.
Do not request secrets in chat:
- Never ask user to paste AK/SK in conversation.
- Never echo or store AK/SK in chat summaries.
After setting:
- Ask user to run status check and then proceed to target action.

Commands to set AK/SK (use either):

python scripts/chanjing_config.py --ak \x3Cyour_app_id> --sk \x3Cyour_secret_key>
python skills/chanjing-credentials-guard/scripts/chanjing_config.py --ak \x3Cyour_app_id> --sk \x3Cyour_secret_key>

To open the login page manually: python skills/chanjing-credentials-guard/scripts/open_login_page.py

Guide When User Wants to Generate Keys

When the user clearly wants to generate chanjing keys, get keys, or configure AK/SK, follow this flow:

Step 1: Check if already configured

Check if local AK/SK already exists (read ~/.chanjing/credentials.json for non-empty app_id and secret_key, or run python skills/chanjing-credentials-guard/scripts/chanjing_config.py --status).

Step 2: Branch on result

If already configured: ask whether user wants to overwrite local config.
- If yes, run guide steps.
- If no, stop.
If not configured: Run the “Guide steps” below directly.

Guide steps (when not configured or user confirmed re-apply)

Run open_login_page.py to open the Chanjing login page in the default browser.
Explain the page flow clearly:
- New users are registered automatically and the current page will display App ID and Secret Key with copy buttons.
- Existing users may be redirected to the console; tell them to open the left-side API 密钥 page to view or reset keys.

Ask user to run local command to configure AK/SK:

python skills/chanjing-credentials-guard/scripts/chanjing_config.py --ak \x3Cyour_app_id> --sk \x3Cyour_secret_key>

Secret handling rule:
- Do not ask user to paste AK/SK in chat.
- If user shares secret in chat anyway, remind them to rotate keys and continue with local-command-only flow.
After setting:
- Run status check: python skills/chanjing-credentials-guard/scripts/chanjing_config.py --status
- Then proceed to target Chanjing action.

Token API (see chanjing-openapi.yaml)

POST https://open-api.chanjing.cc/open/v1/access_token
Content-Type: application/json

Request body:

{
  "app_id": "{{app_id}}",
  "secret_key": "{{secret_key}}"
}

Response (success code: 0):

{
  "code": 0,
  "msg": "success",
  "data": {
    "access_token": "xxx",
    "expire_in": 1721289220
  }
}

expire_in: Unix timestamp for token expiry
If code !== 0, AK/SK is invalid or the request failed

Validation Logic

AK/SK: Read from config (path/format above, per chanjing_config.py); ensure app_id and secret_key are non-empty.
Token: Ensure access_token exists and expire_in > current_time + 300 (refresh 5 minutes early).
Token refresh: Call the API above and write returned access_token and expire_in back to the file.

Shortcut: Run python skills/chanjing-credentials-guard/scripts/chanjing_get_token.py; on success it prints access_token, on failure it prints guidance.

Security Boundary

This skill only handles local credential guidance.
It does not require install hooks or elevated/system-wide privileges.
It should not automatically execute unrelated skills.
It should not accept AK/SK via chat content.

Shell Config

Script	Description
`open_login_page.py`	Opens the Chanjing login page and explains how new/existing users obtain AK/SK
`chanjing_config.py`	Set or view AK/SK and Token status
`chanjing_get_token.py`	Print a valid `access_token` to stdout (or guidance on failure)

# Open login page (also runs automatically when AK/SK is missing)
python skills/chanjing-credentials-guard/scripts/open_login_page.py

# Set AK/SK manually
python skills/chanjing-credentials-guard/scripts/chanjing_config.py --ak \x3Capp_id> --sk \x3Csecret_key>

# View status
python skills/chanjing-credentials-guard/scripts/chanjing_config.py --status

With Other Skills

Other Chanjing skills may use the same local config path/format, but should keep their own runtime auth logic.
Guard can be used as an optional setup helper when users explicitly ask for credential guidance.

Reference

reference.md: API and storage format details
chanjing-openapi.yaml: /access_token, dto.OpenAccessTokenReq, dto.OpenAccessTokenResp

安全使用建议

This skill appears coherent and does what it says: it helps you open the Chanjing login page, instructs you to run local commands, stores AK/SK and an access token in ~/.chanjing/credentials.json (or a directory you set via CHANJING_OPENAPI_CREDENTIALS_DIR), and refreshes tokens by POSTing to open-api.chanjing.cc. Before installing/using: (1) confirm you trust the Chanjing endpoints (open-api.chanjing.cc and www.chanjing.cc), (2) be aware the token and keys are persisted on disk (file permissions are set to be restrictive where possible), so protect that filesystem location and rotate keys if exposed, (3) note that the base API URL can be changed by CHANJING_OPENAPI_BASE_URL — only set that to a trusted host, and (4) the registry metadata version vs manifest version differs (minor inconsistency worth noticing). The skill explicitly instructs not to request secrets in chat, which aligns with good practice.

功能分析

Type: OpenClaw Skill Name: chanjing-credentials-guard Version: 1.0.7 The chanjing-credentials-guard skill is a security-focused utility designed to manage API credentials locally without exposing them to the AI agent's chat history. It includes scripts (chanjing_config.py, chanjing_get_token.py) that handle AK/SK storage with appropriate file permissions (0600) and token refreshing via a documented endpoint (open-api.chanjing.cc). The instructions in SKILL.md explicitly forbid the agent from requesting secrets in chat, demonstrating a defensive posture against credential leakage.

能力评估

✓ Purpose & Capability

Name/description, SKILL.md, manifest, and the three Python scripts all focus on local credential guidance: opening a login page, prompting the user to run local commands, reading/writing ~/.chanjing/credentials.json, and calling the Chanjing token API. There are no unrelated credentials, extra cloud permissions, or surprising binaries requested. (Minor metadata mismatch: registry version 1.0.7 vs manifest version 0.1.0 — likely a release metadata inconsistency, not a functional issue.)

✓ Instruction Scope

Runtime instructions limit actions to local guidance: open login page, show commands, run local scripts to read/write credentials, and call Chanjing's token endpoint when refreshing tokens. The SKILL.md explicitly forbids asking for secrets in chat and the scripts implement only the described local file operations and API call. No instructions reference unrelated system files or exfiltrate data to non-Chanjing endpoints.

✓ Install Mechanism

Instruction-only with bundled Python scripts; no install spec and no remote archive downloads. Lowest-risk install profile.

✓ Credentials

No required environment variables; optional env vars (CHANJING_OPENAPI_CREDENTIALS_DIR, CHANJING_OPENAPI_BASE_URL) are directly relevant and are honored by the scripts (they also accept legacy names for compatibility). The skill persists access_token to disk as documented — this is expected for a token-refresh helper and is declared in manifest.credentials.

✓ Persistence & Privilege

agentPolicy.alwaysSkill is false and the skill does not request elevated or cross-skill privileges. It may open the user's browser and run included Python scripts (allowed in manifest). It writes only to the declared credentials directory. Autonomous invocation is allowed by default but is not combined with any broad or surprising privileges here.

版本历史

v1.0.7

- Added manifest.yaml for machine-readable metadata and environment variable declaration. - Updated environment variable names in documentation for standardization (“CHANJING_OPENAPI_CREDENTIALS_DIR”, “CHANJING_OPENAPI_BASE_URL”). - Declared credential file usage and format in SKILL.md frontmatter. - Clarified machine-readable fields and environment compatibility (legacy and new variables). - Minor documentation refinements and improved structure.

v1.0.6

- Added metadata fields: author, binaries (empty), env (CHANJING_CONFIG_DIR, CHANJING_API_BASE), category, and tags (中英文，含领域关键词) to SKILL.md. - Added a 功能说明 (feature description) and usage/依赖/环境变量说明 in Chinese at the top of the documentation, improving clarity for native users. - Clarified usage scenarios and local command-line usage, noting ClawHub integration. - No functional change to core logic, but documentation was expanded, organized, and localized.

v1.0.5

**Chanjing Credentials Guard v1.0.5** - Enforces local-only credential setup: users must run commands on their machine; pasting keys into chat is no longer supported. - Greatly simplified instructions and guide flows in SKILL.md; all interactive secret handling in chat is removed for better security. - Adds three new Python helper scripts: `chanjing_config.py`, `chanjing_get_token.py`, and `open_login_page.py` for local credential management. - Updates documentation and flow: always open the login page if AK/SK missing, always require local command (never request keys in chat), and clarify the token refresh/validation process. - SKILL.md and reference.md have been restructured and trimmed for clarity and security.

v1.0.4

**Chanjing Credentials Guard 1.0.4 — safer credential setup, packaged script clarity** - Clarifies that chat-based AK/SK entry is only allowed after explicit user consent and risk warning; local CLI setup is now the default and recommended way. - Documents the skill's three required `scripts/` files (`chanjing-config`, `open_login_page`, `chanjing-get-token`) and notes that packages missing the `scripts/` directory are incomplete. - Adds explicit guidance for agents to check for script presence and only reference local scripts. - Strengthens risk warnings against pasting credentials in chat, especially regarding chat history/log retention. - Improves instructions and update tables for Chinese and English readers to better reflect the intended credential flow and packaging compliance.

v1.0.3

**Expanded credential setup and guidance, with optional chat-based AK/SK input.** - Adds support for configuring Chanjing AK/SK via chat: user may now paste AK/SK in chat for the agent to apply, with sensitive handling (masking, no echoing full secrets). - Refines setup flow: after credential config, the skill automatically continues the user’s original action—no need to repeat requests. - Documents and clarifies dual setup options: local command or chat paste; explains how secrets are handled securely. - Improves detailed usage instructions, security boundary, and behavior summary for both English and Chinese audiences. - Updates metadata and description to reflect the above behaviors; distinguishes this credential skill from business/API skills and clarifies file/env handling.

v1.0.2

**Security-first update: Only guide users to configure Chanjing credentials via local terminal commands—never accept or echo secrets in chat.** - Strongly prohibits pasting or sharing AK/SK credentials via chat; local setup only. - SKILL.md rewritten for clarity, emphasizing local command flow and secret-handling boundaries. - Users are expected to run configuration/status commands themselves after retrieving keys. - Enhanced guidance on proper credential storage, validation, and next steps. - Warnings provided if a user attempts to share secrets through chat.

v1.0.1

- Adds support for chat-based AK/SK configuration: users can now paste AK/SK into chat for the agent to apply, with careful masking and no secret echoing. - After successful AK/SK setup, the skill now continues the original action automatically—no need for the user to re-run their command. - Updates guidance to warn users that credentials are sensitive and chat history may store them. - SKILL.md documentation updated throughout to reflect these improved, more flexible credential setup flows.

v1.0.0

Initial release of chanjing-credentials-guard. - Provides a credential guard workflow for all Chanjing-related actions and skills. - Checks if Chanjing AK/SK are configured; guides users through obtaining and setting keys if missing. - Validates and refreshes access tokens as needed, ensuring credentials are ready before API calls. - Includes scripts and clear commands for credential management (`open_login_page`, `chanjing-config`, `chanjing-get-token`). - Handles user cases for initial setup, credential refresh, or re-application, with step-by-step prompts.

元数据

Slug chanjing-credentials-guard

版本 1.0.7

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 8

常见问题