Devin_dingcheng

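By Devingonggz · GitHub · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 386 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install chengding-level-sensor
Description
Reads the device status of Chengding IoT level sensors. Use cases: (1) check whether a level sensor is online, (2) get the device's switch state, (3) monitor level devices on a schedule. The key, tel and imei parameters must be configured in advance.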
Usage (SKILL.md)

Chengding IoT level sensor

Quick query

curl -s -X POST "https://www.cd6969.com/admin.php?s=/Admin/ApiV2/getList.html" \
  -H "Content-Type: application/json" \
  -d '{"key":"你的KEY","tel":"你的手机号"}'

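Configuration parameters

Parameter
key your KEY
tel your phone number
imei your IMEI

Response fields

  • online: 1 = online, 0 = offline
  • status: switch state, up to 8 digits; the 1st digit gives the state of channel 1
    • 0 = closed
    • 1 = open
    • 2 = closing
    • 3 = opening
    • 4 = jogging
    • 5 = jog finished or closed

Using the script

./scripts/get_status.sh

Returns the device status in JSON format.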

Security recommendations
This skill appears to perform legitimate queries against a vendor API, but it has several things you should consider before running or installing it:
  • Do not paste real keys/phone numbers into the script file in plaintext. Instead, modify the script to read KEY, TEL, and IMEI from environment variables or a protected config file, or prompt at runtime.
  • The script uses jq (and curl). Ensure jq is installed from a trusted package source before running. The skill metadata should list these dependencies but does not — treat that as an omission.
  • Verify the endpoint (https://www.cd6969.com) is the legitimate vendor service you expect. If you do not recognize the domain, validate with the device vendor or use network isolation/testing with dummy credentials.
  • Review the script locally before executing. It is short and readable; ensure it only posts the device key/tel and parses the response as shown.
  • For safer testing, use dummy values and run in an isolated environment (container/VM) first.
If you plan to use this skill long-term, ask the publisher to: declare required binaries (curl, jq), provide a secure configuration method (env vars or secret store) rather than hard-coded credentials, and include a brief security note about what data is sent to the vendor endpoint.
Functional analysis
Type: OpenClaw Skill
Name: chengding-level-sensor
Version: 1.0.0
The `scripts/get_status.sh` script makes an external network call to `https://www.cd6969.com` to retrieve sensor data, which aligns with the skill's stated purpose. However, the script directly interpolates user-provided `KEY` and `TEL` values into a JSON string for the `curl -d` argument without proper sanitization. This lack of input sanitization creates a vulnerability where special characters in these inputs could lead to malformed JSON or potential JSON injection, classifying the skill as suspicious.
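A hardened form of the request described in the analysis and recommendations above, as an added example that is not the skill's own `scripts/get_status.sh`: credentials are read from the environment (the variable names `CD_KEY` and `CD_TEL` are assumptions) and each value is escaped before it enters the JSON body. `naive_payload` reproduces the raw interpolation the analysis flags, for comparison.

```shell
#!/bin/sh
# Added example, not the skill's own script.
# CD_KEY and CD_TEL are assumed environment variable names.

API_URL='https://www.cd6969.com/admin.php?s=/Admin/ApiV2/getList.html'

# Escape a value for use inside a JSON string.
# Values containing control characters are refused rather than encoded.
json_escape() {
  clean=$(printf '%s' "$1" | LC_ALL=C tr -d '[:cntrl:]')
  [ "$clean" = "$1" ] || return 1
  # Backslashes first, then double quotes.
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Pattern flagged by the analysis: values pasted into the body as-is.
naive_payload() {
  printf '{"key":"%s","tel":"%s"}' "$1" "$2"
}

# Hardened form: every value is escaped before it reaches the body.
safe_payload() {
  k=$(json_escape "$1") || return 1
  t=$(json_escape "$2") || return 1
  printf '{"key":"%s","tel":"%s"}' "$k" "$t"
}

# Read credentials from the environment and send the query.
query_status() {
  : "${CD_KEY:?set CD_KEY in the environment}"
  : "${CD_TEL:?set CD_TEL in the environment}"
  body=$(safe_payload "$CD_KEY" "$CD_TEL") || {
    echo 'credential value contains control characters' >&2
    return 1
  }
  curl -s -X POST "$API_URL" -H 'Content-Type: application/json' -d "$body"
}

# Only contact the endpoint when explicitly asked to.
if [ "${1:-}" = "--run" ]; then
  query_status
fi
```

Export `CD_KEY` and `CD_TEL` from a file readable only by your user, then invoke the script with `--run`.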
Capability assessment
Purpose & Capability
Name/description match the included behavior: the SKILL.md and script call https://www.cd6969.com/admin.php?s=/Admin/ApiV2/getList.html to retrieve device status. However the skill metadata declares no required binaries or env vars while the script requires curl and jq and the README instructs the user to configure key/tel/imei — these deployment requirements are not declared in the registry metadata.
Instruction Scope
Runtime instructions and the script instruct you to place secrets (KEY, TEL, IMEI) directly in scripts (plaintext). The script posts key and tel to an external endpoint and parses the response with jq. The instructions do not recommend secure handling of credentials, nor do they offer an alternative (env vars or prompts). While the network call is expected for this purpose, asking users to hard-code private values into a file broadens risk.
Install Mechanism
No install spec (instruction-only) which minimizes installation risk. However the script depends on runtime tools (curl, jq) but the skill metadata did not declare them; that mismatch is a procedural omission that could lead users to run missing/unknown binaries.
Credentials
The skill only needs device-specific values (key, phone, imei) which are proportionate to its purpose, but it does not declare them as required environment variables and instead expects them embedded into the script. That encourages insecure handling of secrets. There are no unrelated cloud or system credentials requested.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system settings, and has no install-time persistence. Autonomous invocation is allowed by platform default but not combined with other concerning privileges here.
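How to use
  1. Make sure OpenClaw is installed (locally or as a Docker deployment)
  2. Enter the install command in the chat box: /install chengding-level-sensor
  3. Once installed, invoke the Skill by name or trigger it with /chengding-level-sensor
  4. Provide the inputs described in the Skill's parameter notes to get structured output
Version history
v1.0.0
chengding-level-sensor v1.0.0 – initial release
  • Supports querying the device status of Chengding IoT level sensors.
  • Provides online-status and switch-state queries.
  • Supports fetching data through a shell script and the curl interface.
  • The key, tel and imei parameters must be configured in advance.
Metadata
Slug chengding-level-sensor
Version 1.0.0
License
Total installs 0
Current installs 0
Versions 1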
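FAQ

What is Devin_dingcheng?

Reads the device status of Chengding IoT level sensors. Use cases: (1) check whether a level sensor is online, (2) get the device's switch state, (3) monitor level devices on a schedule. The key, tel and imei parameters must be configured in advance. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 386 total downloads so far.

How do I install Devin_dingcheng?

Run the command "/install chengding-level-sensor" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is required.

Is Devin_dingcheng free?

Yes. Devin_dingcheng is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Devin_dingcheng support?

Devin_dingcheng is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who develops Devin_dingcheng?

It is developed and maintained by Devingonggz (@devingonggz); the current version is v1.0.0.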
