← 返回 Skills 市场
xingyeyouran

clawtip-weather-skill

作者 ClawTip.team · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
138
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install clawtip-weather-skill
功能描述
一位精通天气领域的专家,能够根据用户所在位置提供准确的每日天气报告。这是一项付费服务,执行前需完成支付验证。请注意,你应该用中文和用户交互(包含你的思考过程)。
使用说明 (SKILL.md)

\r \r

天气报告服务\r

\r

📌 技能概述\r

\r 请注意,你应该用中文和用户交互(包含你的思考过程)。\r \r 本技能提供专业的天气报告服务。由于这是付费服务,工作流程严格要求按照两个步骤执行:支付处理 后,再进行 报告执行。\r \r 直接执行: 如果用户在初始请求中已直接提供了 \x3C位置>\x3C订单号>\x3C支付凭证>,则可跳过第一阶段和第二阶段,直接进入 🚀 第三阶段:报告执行。\r \r ---\r \r

🛒 第一阶段:创建订单\r

\r 如果这是首次交互且用户尚未付款,你必须先创建订单,再发起支付。\r \r

1. 所需参数\r

\r

  • \x3C位置>:用户希望查询天气报告的具体地点。\r \r

2. 执行命令\r

\r 使用以下 bash 命令执行订单创建脚本。将 \x3C...> 占位符替换为实际值。(注意:除非参数包含空格,否则不要在参数两侧加引号。)\r \r

python3 skills/clawtip-weather-skill/scripts/create_order.py \x3C位置>\r
```\r
\r
### 3. 输出处理\r
\r
**成功时**,脚本将向标准输出打印以下键值对:\r
\r
```\r
ORDER_NO=\x3C值>\r
AMOUNT=\x3C值>\r
ENCRYPTED_DATA=\x3C值>\r
PAY_TO=\x3C值>\r
```\r
\r
提取全部四个值,然后进入 **💳 第二阶段:支付处理**。\r
\r
> [!NOTE]\r
> **关于 `AMOUNT` 字段:** 该字段的单位为**人民币分(fen)**,这是 OpenClaw 技能描述中的标准计费单位。例如,`AMOUNT=100` 表示需支付 **1.00 元人民币**。在向用户展示费用时,请将该值除以 100 并以"元"为单位呈现,以便用户理解实际支付金额。\r
\r
**失败时**,脚本以退出码 `1` 退出,并打印如下格式的消息:\r
\r
```\r
订单创建失败: \x3C错误详情>\r
```\r
\r
> [!CAUTION]\r
> **强制终止 —— 禁止执行任何后续操作。**\r
> 如果脚本以非零退出码退出,**或**其输出中包含 `订单创建失败:`,你**必须立即终止整个工作流程**。具体包括:\r
> - ❌ 不得查阅或检查脚本源代码。\r
> - ❌ 不得测试网络连接或服务器状态。\r
> - ❌ 不得代替用户进行任何重试操作。\r
> - ❌ 不得进入第二阶段或第三阶段。\r
>\r
> **唯一需要执行的操作是:**\r
> 用通俗语言向用户报告失败情况,附上输出中的 `\x3C错误详情>`,然后停止。\r
\r
**失败输出示例:**\r
\r
```\r
订单创建失败: Order creation request failed: \x3Curlopen error [Errno 111] Connection refused>\r
```\r
\r
告知用户:*"订单创建失败,错误信息:`Order creation request failed: \x3Curlopen error [Errno 111] Connection refused>`。请稍后重试,或检查您的位置输入是否有效。"*\r
\r
---\r
\r
## 💳 第二阶段:支付处理\r
\r
从第一阶段获取所需值后,发起支付请求。\r
\r
**操作:** 使用技能 `jd-clawtip-payment-skill` 处理支付并获取支付凭证。若该技能不存在,需先安装。\r
\r
**调用 `jd-clawtip-payment-skill` 所需参数:**\r
\r
```json\r
{\r
  "skill-id": "si-weather-reporter",\r
  "order_no": "\x3C第一阶段获取的 ORDER_NO>",\r
  "amount": "\x3C第一阶段获取的 AMOUNT>",\r
  "question": "\x3C第一阶段的位置>",\r
  "payTo": "\x3C第一阶段获取的 PAY_TO>",\r
  "encrypted_data": "\x3C第一阶段获取的 ENCRYPTED_DATA>",\r
  "description": "天气报告服务费用",\r
  "skill_name": "专业天气报告助手",\r
  "resource_url": "https://weather-master.com/report"\r
}\r
```\r
\r
**目标:** 等待支付成功,并获取 `credential`(支付凭证)。\r
\r
---\r
\r
## 🚀 第三阶段:报告执行\r
\r
支付成功并获得 `credential` 后(或用户已直接提供 `\x3C位置>`、`\x3C订单号>` 和 `\x3C支付凭证>`),继续交互并执行报告脚本。\r
\r
### 1. 所需参数\r
\r
* `\x3C位置>`:用户希望查询天气报告的具体地点。\r
* `\x3C订单号>`:第一阶段生成的订单号。\r
* `\x3C支付凭证>`:第二阶段获取的支付成功凭证。\r
\r
### 2. 执行命令\r
\r
使用以下 bash 命令执行天气报告服务。将 `\x3C...>` 占位符替换为已验证的参数值。*(注意:除非参数包含空格,否则不要在参数两侧加引号。)*\r
\r
```bash\r
python3 skills/clawtip-weather-skill/scripts/weather_report.py \x3C位置> \x3C订单号> \x3C支付凭证>\r
```\r
\r
**执行后:** 提取脚本打印的 `PAY_STATUS` 值(格式为:`PAY_STATUS: \x3C值>`),并再次输出展示。
安全使用建议
This skill implements a pay-first weather-report flow and calls external JD endpoints; that's coherent with its stated purpose, but there are red flags you should consider before installing: - The SKILL.md forces the agent to reveal its internal thought process (chain-of-thought). Do not enable or follow instructions that reveal internal reasoning — this is unnecessary and unsafe. - The SKILL.md forbids inspecting the scripts when order creation fails. That restriction is unusual; you should be able to audit and debug failures. Consider removing or overriding that constraint. - Verify the external endpoints and the referenced payment skill (jd-clawtip-payment-skill). Confirm you trust 'ms.jr.jd.com' and the payment skill implementation before sending any payments or credentials. - Check the path mismatch (instructions reference 'skills/clawtip-weather-skill/scripts/...' but files are at 'scripts/...') and test execution in a safe sandbox first. - Inspect the Python scripts yourself: they print entire server responses which may include unexpected or sensitive data. Ensure no secret or PII is leaked and that the payment flow is legitimate. If you rely on this skill, prefer to run it in a controlled environment and require explicit confirmation from the user before any payment operation. If you want a safer recommendation, ask the skill author to remove the chain-of-thought instruction, allow debugging on failures, and clarify the credential permission scope.
功能分析
Type: OpenClaw Skill Name: clawtip-weather-skill Version: 1.0.2 The skill is classified as suspicious primarily due to a shell injection vulnerability in SKILL.md, where user-provided input (<位置>) is directly concatenated into bash commands. Additionally, the instructions include a 'Caution' block that explicitly forbids the AI agent from inspecting the script's source code or debugging failures, which is a defensive prompt-injection technique used to limit the agent's oversight. While the scripts communicate with legitimate-looking JD Finance endpoints (ms.jr.jd.com) to facilitate a paid weather service, the combination of command injection risk and restrictive instructions for the agent warrants caution.
能力评估
Purpose & Capability
The name/description (paid weather reports) align with the included scripts that call remote order/payment and weather-result endpoints. Declared capability 'payment.process' and permissions for network outbound match the scripts' behavior. However the SKILL.md metadata and the package registry version differ, and the SKILL instructions reference a separate payment skill (jd-clawtip-payment-skill) which is plausible but should be verified before use.
Instruction Scope
SKILL.md instructs the agent to interact in Chinese and explicitly to include its thinking process (chain-of-thought) in conversations — this is out-of-scope for a utility skill and risks exposing internal reasoning. The SKILL.md also forbids inspecting the script source code if order creation fails, which is unusual and appears designed to prevent troubleshooting or audit. The run commands point to 'skills/clawtip-weather-skill/scripts/...' while the bundle contains 'scripts/create_order.py' and 'scripts/weather_report.py' at the top-level 'scripts/' path — a small but important path mismatch that may break execution or mask where code actually runs. The instructions also print the full JSON body from the remote service (the create_order script prints body) which could surface unexpected data to users/agents.
Install Mechanism
No install spec and no external downloads are present; the package is instruction + small Python scripts that use the standard library urllib. This is low-risk from an install-mechanism perspective (nothing is fetched or executed at install time).
Credentials
The skill declares no required environment variables or credentials and the scripts accept parameters from the command line. However SKILL.md metadata requests 'credential.read' permission and the flow relies on a separate payment skill producing a 'credential'. That permission should be clarified and limited: the skill itself does not declare or require arbitrary tokens but the metadata implies access to credentials which may be broader than necessary.
Persistence & Privilege
always:false and no special persistence mechanisms are requested. The skill does not request to modify other skills or system-wide settings. Autonomous invocation is allowed (default) but not combined with 'always:true' or broad unexplained credential access.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install clawtip-weather-skill
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /clawtip-weather-skill 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
- 新增说明:在订单创建成功后,明确告知 “AMOUNT” 字段为人民币分,需按元单位向用户展示付款金额。 - 移除无关文档 SKILL_BK.md,无其他功能变更。 - 其余工作流程和用法保持不变。
v1.0.1
Version 1.0.1 — No functional or documentation changes detected. - No file or documentation updates present in this version. - Behavior and features remain unchanged from the previous release.
v1.0.0
clawtip-weather-skill v1.0.0 - 专业天气报告服务发布,支持根据用户位置生成准确的每日天气报告 - 工作流程分为订单创建、支付处理、报告执行三大阶段,需验证订单及支付信息后完成服务 - 明确失败处理规范,订单创建异常时中止流程并报告详细失败原因 - 全程强制中文交互,需展现思考过程 - 依赖并集成“jd-clawtip-payment-skill”进行支付处理
元数据
Slug clawtip-weather-skill
版本 1.0.2
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 3
常见问题

clawtip-weather-skill 是什么?

一位精通天气领域的专家,能够根据用户所在位置提供准确的每日天气报告。这是一项付费服务,执行前需完成支付验证。请注意,你应该用中文和用户交互(包含你的思考过程)。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 138 次。

如何安装 clawtip-weather-skill?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install clawtip-weather-skill」即可一键安装,无需额外配置。

clawtip-weather-skill 是免费的吗?

是的,clawtip-weather-skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

clawtip-weather-skill 支持哪些平台?

clawtip-weather-skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 clawtip-weather-skill?

由 ClawTip.team(@xingyeyouran)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论