← 返回 Skills 市场
spzwin

Cms Report Issue

作者 spzwin · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
103
总下载
0
收藏
1
当前安装
3
版本数
在 OpenClaw 中安装
/install cms-report-issue
功能描述
用于"反馈问题 / 报 bug / 上报错误 / 提交 issue / 查看 Skill 问题列表 / 标记问题已解决 / 关闭问题"。处理 Skill 使用过程中遇到的报错、异常、改进建议;支持 stdin 管道接收错误输出。是 cms-create-skill 与 cms-push-skill 的统一问题反馈入口
使用说明 (SKILL.md)

CMS Skill 问题上报工具

当前版本: v1.0.1

cms-report-issue 只负责问题闭环:

  1. 提交问题。
  2. 查看问题列表和统计。
  3. 解决或关闭问题。

cms-create-skillcms-push-skill 如果遇到问题反馈场景,统一转交到这里处理。

能力总览

# 能力 脚本 需要登录
1 提交问题 scripts/issue_report/report_issue.py
2 查看问题列表 scripts/issue_report/list_issues.py
3 更新问题状态 scripts/issue_report/update_issue.py

路由

  • 上报问题:python3 cms-report-issue/scripts/issue_report/report_issue.py --skill-code my-skill --version 1.0.0 --error "..."
  • 管道上报:python3 some_script.py 2>&1 | python3 cms-report-issue/scripts/issue_report/report_issue.py --skill-code my-skill --stdin
  • 查看问题:python3 cms-report-issue/scripts/issue_report/list_issues.py --skill-code my-skill
  • 查看统计:python3 cms-report-issue/scripts/issue_report/list_issues.py --stats
  • 解决问题:python3 cms-report-issue/scripts/issue_report/update_issue.py --issue-id abc123 --status resolved --resolution "已修复"
  • 关闭问题:python3 cms-report-issue/scripts/issue_report/update_issue.py --issue-id abc123 --status closed

规则

  1. 问题提交、查看、关闭统一使用 scripts/issue_report/ 下的脚本。
  2. 需要鉴权的动作只有问题状态更新;鉴权统一通过 cms-auth-skills 准备 access-token
  3. 问题上报失败不应阻塞原始业务流程;装饰器模式下异常仍需重新抛出。
  4. 所有说明文档统一使用 Markdown,不维护旧接口文档目录。

能力树

cms-report-issue/
├── SKILL.md
├── references/
│   └── issue-report/
│       └── README.md
├── github-issue-templates/
│   ├── config.yml
│   ├── bug_report.yml
│   ├── feature_request.yml
│   └── ...
└── scripts/
    └── issue_report/
        ├── README.md
        ├── list_issues.py
        ├── report_issue.py
        └── update_issue.py
安全使用建议
This skill implements report/list/update of issues and calls a remote API by default (https://skills.mediportal.com.cn). Before installing: 1) Inspect or run the included Python scripts locally — they will POST error text (including stdin) to the remote service. 2) Be cautious that the scripts disable TLS certificate checks (insecure — enables MITM). 3) Note they read XG_USER_TOKEN/access-token/ACCESS_TOKEN from the environment even though metadata didn't declare credentials; avoid having sensitive tokens in your environment when running these scripts. 4) If you need this functionality, prefer to (a) set --api-base to a trusted endpoint you control, (b) remove or fix the _ssl_context TLS bypass, and (c) ensure tokens are provided explicitly and documented (or use cms-auth-skills as intended). 5) If uncertain, run the scripts in an isolated environment/container and audit network traffic before enabling in production.
功能分析
Type: OpenClaw Skill Name: cms-report-issue Version: 1.0.2 The skill bundle contains scripts (list_issues.py, report_issue.py, update_issue.py) that explicitly disable SSL certificate verification (ssl.CERT_NONE) while transmitting sensitive authentication tokens—retrieved from environment variables like XG_USER_TOKEN—to a remote API (https://skills.mediportal.com.cn). While this behavior is a critical security vulnerability that exposes credentials to Man-In-The-Middle (MITM) attacks, it appears to be a significant architectural flaw rather than intentional malware, as the logic aligns with the stated purpose of issue reporting and management.
能力评估
Purpose & Capability
The scripts' network calls to a central issue-management API (https://skills.mediportal.com.cn) are coherent with the skill's stated purpose of reporting and listing issues. However the SKILL metadata declares no required env vars or credentials while the code reads token environment variables for auth; that omission is inconsistent and surprising.
Instruction Scope
SKILL.md and scripts instruct the agent/user to run included Python scripts which will POST data to a remote API and optionally update issue status. The instructions reference 'cms-auth-skills' to prepare an access-token, but the skill does not declare or require any env vars — the scripts nonetheless read XG_USER_TOKEN / access-token / ACCESS_TOKEN. The scripts also accept stdin and can include arbitrary error output in reports, meaning potentially sensitive logs could be sent to the external endpoint.
Install Mechanism
No install spec (instruction-only) which minimizes install-time risks. However the bundle includes Python scripts that assume a Python 3 runtime is present and will be executed; SKILL metadata does not list required binaries (python3), which is an inconsistency but not an intrinsic supply-chain risk.
Credentials
The code reads environment variables named XG_USER_TOKEN / access-token / ACCESS_TOKEN and will include them as an 'access-token' HTTP header when present. The skill metadata did not declare these required/optional env vars. Requesting or using access tokens is reasonable for updating issues, but the lack of declaration and the scripts' ability to upload arbitrary stdin/logs creates an exfiltration risk if sensitive data or unrelated tokens are present in the environment.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent platform privileges. It does not modify other skills or system-wide settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install cms-report-issue
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /cms-report-issue 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
CMS Skill 创建工具更新 - 版本 1.21.1,优化技能创建流程和文档结构
v1.0.1
- 更新 SKILL.md,版本号由 v1.0.0 升级为 v1.0.1 - 其他文档内容和功能保持不变
v1.0.0
- Initial release of cms-report-issue v1.0.0. - Provides unified tools to report, list, and update issues for CMS skills. - Supports direct and piped error reporting, issue statistics, and state updates (resolved/closed). - Only issue status updates require authentication via cms-auth-skills. - Centralizes all problem feedback from cms-create-skill and cms-push-skill into one entrypoint.
元数据
Slug cms-report-issue
版本 1.0.2
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 3
常见问题

Cms Report Issue 是什么?

用于"反馈问题 / 报 bug / 上报错误 / 提交 issue / 查看 Skill 问题列表 / 标记问题已解决 / 关闭问题"。处理 Skill 使用过程中遇到的报错、异常、改进建议;支持 stdin 管道接收错误输出。是 cms-create-skill 与 cms-push-skill 的统一问题反馈入口. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 103 次。

如何安装 Cms Report Issue?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install cms-report-issue」即可一键安装,无需额外配置。

Cms Report Issue 是免费的吗?

是的,Cms Report Issue 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Cms Report Issue 支持哪些平台?

Cms Report Issue 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Cms Report Issue?

由 spzwin(@spzwin)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论