Total downloads: 308 | Favorites: 0 | Current installs: 2 | Versions: 1
Install in OpenClaw
/install check-user-fraud
Description
Query MySQL database to analyze user fraud/shuadan behavior. Use when user asks to check if a user is engaging in fraudulent task completion. Analyzes time i...
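Usage instructions (SKILL.md)
User order-brushing (shuadan) query
Queries the MySQL database by userId and analyzes whether the user's task-completion behavior indicates order brushing (shuadan).
Use cases
Use this skill when you need to check whether a user is engaged in order brushing:
- A user reports an account for order brushing
- The risk-control system flags an abnormal account
- Periodic spot checks of user behavior
- Analysis of task-completion patterns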
Query workflow
1. Run the query script
python3 scripts/check_fraud.py <userId>
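2. Analysis dimensions
The script automatically analyzes the following indicators:
Time interval analysis
- Time between signing up for a task and submitting it
- Completion time < 5 minutes: highly suspicious
- Completion time 5-10 minutes: moderately suspicious
Publisher concentration
- Frequently taking tasks from the same publisher
- Same publisher > 10 times: highly suspicious
- Same publisher 5-10 times: moderately suspicious
Task duplication
- Taking the same task multiple times
- Repeated task > 2 times: suspicious
Top (pinned) refresh status
- Whether the task was pinned to the top when it was taken
- Share of non-pinned tasks > 70%: suspicious (tasks may have been obtained through unofficial channels)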
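3. Risk level assessment
- High risk: 2 or more high-risk indicators, or more than 50% of tasks completed in < 5 minutes
- Medium risk: 1 high-risk indicator or 2 medium-risk indicators
- Low risk: no obvious anomalies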
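The thresholds and the risk-level rule above, worked through in code. This is an added example, not the skill's own check_fraud.py; the record field names and sample rows are constructed, and treating the two indicators the page only calls "suspicious" as medium, and "2 medium-risk indicators" as two or more, are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

def find_indicators(records):
    """Return ([(type, level), ...], share of tasks completed in under 5 minutes)."""
    if not records:
        return [], 0.0
    found = []
    minutes = [(r["submitted_at"] - r["signed_up_at"]).total_seconds() / 60 for r in records]
    fast_share = sum(m < 5 for m in minutes) / len(records)
    if fast_share > 0:
        found.append(("time_interval", "high"))       # some completion < 5 min
    elif any(m <= 10 for m in minutes):
        found.append(("time_interval", "medium"))     # some completion in 5-10 min
    top_publisher = max(Counter(r["publisher_id"] for r in records).values())
    if top_publisher > 10:
        found.append(("publisher_concentration", "high"))
    elif top_publisher >= 5:
        found.append(("publisher_concentration", "medium"))
    # The page labels the next two only "suspicious"; "medium" is an assumption.
    if max(Counter(r["task_id"] for r in records).values()) > 2:
        found.append(("task_duplication", "medium"))
    if sum(not r["pinned"] for r in records) / len(records) > 0.7:
        found.append(("unpinned_ratio", "medium"))
    return found, fast_share

def risk_level(found, fast_share):
    """Apply the page's rule: high, then medium, otherwise low."""
    high = sum(level == "high" for _, level in found)
    medium = sum(level == "medium" for _, level in found)
    if high >= 2 or fast_share > 0.5:
        return "high"
    if high == 1 or medium >= 2:
        return "medium"
    return "low"

def make_records(n, minutes, publishers, pinned=True):
    """Constructed sample rows: n distinct tasks, each submitted `minutes` after sign-up."""
    t0 = datetime(2024, 1, 1, 9, 0)
    return [{"task_id": i, "publisher_id": i % publishers, "pinned": pinned,
             "signed_up_at": t0 + timedelta(hours=i),
             "submitted_at": t0 + timedelta(hours=i, minutes=minutes)} for i in range(n)]

if __name__ == "__main__":
    for name, recs in [("fast, one publisher", make_records(12, 3, 1, pinned=False)),
                       ("ordinary", make_records(6, 45, 6))]:
        found, share = find_indicators(recs)
        print(name, "->", risk_level(found, share), found)
```

A single medium indicator on its own still evaluates to low under the page's rule, which is why the medium tier needs either one high indicator or two medium ones.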
Database configuration
- Host: rr-wz97dxha81orq30j0eo.mysql.rds.aliyuncs.com
- Port: 3389
- User: oc_gw
- Password: m83KkZVLQp2Wg7HgDVb5cRjQ
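SQL query reference
See the references/ directory for the full SQL statements:
- query_user_records.sql - queries the user's task-completion records
- query_top_refresh.sql - queries the pinned (top) status of tasks
- fraud_analysis_guide.md - explains the order-brushing analysis indicators
Output format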
{
  "userId": "user ID",
  "total_records": total record count,
  "records": [...], // detailed records
  "fraud_indicators": [ // suspicious indicators
    {
      "type": "indicator type",
      "level": "high/medium/low",
      "description": "description"
    }
  ],
  "summary": {
    "risk_level": "high/medium/low",
    "conclusion": "conclusion",
    "indicators_count": number of indicators,
    "high_risk_count": number of high-risk indicators,
    "medium_risk_count": number of medium-risk indicators
  }
}
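Notes
- pymysql must be installed:
pip install pymysql
- The database name must be confirmed and then filled into the script
- Query results contain sensitive information; keep them confidential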
Security usage recommendations
This package appears to do what it says (fraud analysis) but includes hard-coded database credentials and queries that return sensitive user and billing data. Before installing or running:
1. Do NOT run these scripts on a machine with access to other sensitive systems; run in an isolated, network-restricted environment.
2. Verify the origin and trustworthiness of the skill author — there is no homepage or known source.
3. Treat the embedded DB host/credentials as sensitive: confirm whether they are real, revoke or rotate them if they are production credentials, and prefer injecting credentials at runtime via environment variables or a secrets manager rather than using values in code.
4. Confirm you have legal/organizational authorization to query the described data (PII/financial records).
5. Ask the author for proof that the DB endpoint is a sanitized/test instance (or ask for the credentials to be removed and replaced with a configuration template).
6. If you must use the skill, review the scripts line-by-line for any unexpected network calls or data exfiltration, and consider running under network egress restrictions so results cannot be sent to unintended endpoints.
Additional information that would raise confidence: confirmation that the RDS host is a non-production/test instance, removal of embedded credentials, and a packaged mechanism that requires the operator to supply DB credentials at runtime (env vars or secret manager).
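One way to follow the recommendation to supply database credentials at runtime instead of shipping them in the scripts. This is an added example, not code from the skill; the FRAUD_DB_* variable names are hypothetical and the sample values are constructed placeholders.

```python
import os

# Hypothetical variable names (assumption); the published skill declares none.
REQUIRED = ("FRAUD_DB_HOST", "FRAUD_DB_PORT", "FRAUD_DB_USER",
            "FRAUD_DB_PASSWORD", "FRAUD_DB_NAME")

def load_db_config(env=None):
    """Build keyword arguments for pymysql.connect() from the environment.

    Fails closed: a missing or blank setting raises instead of falling back
    to a value baked into the code.
    """
    env = os.environ if env is None else env
    missing = [name for name in REQUIRED if not env.get(name, "").strip()]
    if missing:
        raise RuntimeError("missing database settings: " + ", ".join(missing))
    port = env["FRAUD_DB_PORT"]
    if not port.isdigit() or not 0 < int(port) < 65536:
        raise RuntimeError("FRAUD_DB_PORT must be a TCP port number")
    return {"host": env["FRAUD_DB_HOST"], "port": int(port),
            "user": env["FRAUD_DB_USER"], "password": env["FRAUD_DB_PASSWORD"],
            "database": env["FRAUD_DB_NAME"]}

def redacted(config):
    """Copy of the config that is safe to write to logs."""
    return {**config, "password": "***"}

if __name__ == "__main__":
    # Constructed placeholder values, not the ones published with the skill.
    sample = {"FRAUD_DB_HOST": "db.example.internal", "FRAUD_DB_PORT": "3306",
              "FRAUD_DB_USER": "readonly_analyst", "FRAUD_DB_PASSWORD": "placeholder",
              "FRAUD_DB_NAME": "example_db"}
    print(redacted(load_db_config(sample)))
```

The returned dictionary can be passed as `pymysql.connect(**load_db_config())`, so the scripts and SKILL.md carry no connection details at all.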
Functional analysis
Type: OpenClaw Skill
Name: check-user-fraud
Version: 1.0.0
The skill bundle contains hardcoded plaintext credentials (host, port, username, and password) for a remote Aliyun RDS MySQL database (rr-wz97dxha81orq30j0eo.mysql.rds.aliyuncs.com) across nearly all Python scripts, including fraud_analyzer.py and check_fraud.py. The scripts are designed to query and exfiltrate extensive PII, such as mobile numbers, real names, partial ID numbers, device IDs, and detailed transaction/login logs. While this functionality is consistent with the stated goal of fraud analysis, hardcoding production-level credentials and providing direct access to sensitive user data represents a critical security vulnerability and a significant privacy risk.
Capability assessment
Purpose & Capability
The skill's name, description, SKILL.md and scripts are coherent: they query a MySQL database and compute fraud indicators. However, instead of declaring or requiring database credentials as configuration or environment variables, the package contains hard-coded DB connection information (host, port, user, password and database) inside multiple scripts and documentation. Bundling active DB credentials in the published package is not strictly necessary for the stated purpose and is a risky distribution practice.
Instruction Scope
Runtime instructions tell the agent/operator to run Python scripts that execute many SQL queries across user/account/login/visit/transaction tables and return results containing sensitive fields (mobile, truename, idNo references, billing records). That is within the stated fraud-detection purpose, but the instructions and scripts will retrieve potentially sensitive PII and financial transaction data and also include the remote DB endpoint and credentials directly in the docs — a privacy and disclosure risk. The SKILL.md also says the database name needs confirmation while scripts already embed a database name, indicating sloppy packaging.
Install Mechanism
There is no install script (instruction-only install), which reduces the risk of arbitrary code being downloaded at install time. Nevertheless, the skill ships 11 Python scripts that will run locally and make network connections to the hard-coded RDS host. Lack of an install step is low-risk in isolation, but the presence of ready-to-run scripts with embedded credentials increases operational risk when executed.
Credentials
Registry metadata declares no required environment variables or credentials, yet the package embeds a full DB credential set (host rr-*.mysql.rds.aliyuncs.com, port 3389, user oc_gw, password m83KkZV...). The scripts query many tables that expose sensitive PII and financial data. Embedding secrets in code rather than requiring explicit, limited credentials (via env vars or a secrets manager) is disproportionate and a security/privacy red flag. Also, port 3389 is atypical for MySQL (commonly 3306), which warrants additional scrutiny.
Persistence & Privilege
The skill does not request permanent inclusion (always:false), does not modify other skill configurations, and does not include an installer that writes system-wide settings. It simply contains runnable scripts; there is no evidence of privilege escalation or persistence beyond executing the provided scripts.
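How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the dialog:
/install check-user-fraud
- After installation, invoke the Skill by name or trigger it with /check-user-fraud
- Provide the required inputs according to the Skill's parameter description to get structured output
Version history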
v1.0.0
Initial release of the check-user-fraud skill:
- Analyzes user fraud/shuadan behaviors by querying a MySQL database.
- Detects suspicious patterns via time intervals, publisher concentration, task duplication, and top refresh status.
- Provides a structured fraud risk assessment (high, medium, low) with clear output format.
- Includes practical usage scenarios, database configuration notes, and example SQL references.
- Requires pymysql and appropriate database credentials.
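FAQ
What is Check User Fraud?
Query MySQL database to analyze user fraud/shuadan behavior. Use when user asks to check if a user is engaging in fraudulent task completion. Analyzes time i... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 308 total downloads to date.
How do I install Check User Fraud?
Run the command "/install check-user-fraud" in the OpenClaw or Claude Code dialog for one-click installation; no additional configuration is required.
Is Check User Fraud free?
Yes, Check User Fraud is completely free (free and open source) and can be freely downloaded, installed and used.
Which platforms does Check User Fraud support?
Check User Fraud is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Check User Fraud?
It is developed and maintained by star1986c (@star1986c); the current version is v1.0.0.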