功能描述

Customer support via Crisp API. Use when the user asks to check, read, search, or respond to Crisp inbox messages. Requires Crisp website ID and plugin token (authenticated via environment variables CRISP_WEBSITE_ID, CRISP_TOKEN_ID, and CRISP_TOKEN_KEY).

使用说明 (SKILL.md)

Crisp Customer Support

Name: Crisp Skill
Author: paul-phan

Crisp is a customer support platform. Use this skill when the user needs to:

Check for new messages in the inbox
Read conversation history
Search conversations
Send replies to customers
Check conversation status

Credentials

Crisp requires authentication via HTTP headers with a token identifier and key (Basic Auth), plus the website ID for the API URL.

Set these as environment variables (stored securely, never logged):

CRISP_WEBSITE_ID - Your website identifier (e.g., 0f4c...)
CRISP_TOKEN_ID - Your Plugin Token Identifier (e.g., e47d...)
CRISP_TOKEN_KEY - Your Plugin Token Key (e.g., a7d7...)

Common Workflows

Check Inbox Status

scripts/crisp.py inbox list --page 1

Read Conversation

scripts/crisp.py conversation get \x3Csession_id>

Get Messages in Conversation

scripts/crisp.py messages get \x3Csession_id>

Send a Reply

scripts/crisp.py message send \x3Csession_id> "Your reply text here"

Search Conversations

scripts/crisp.py conversations search "query terms" --filter unresolved --max 10

Mark as Read

scripts/crisp.py conversation read \x3Csession_id>

Resolve Conversation

scripts/crisp.py conversation resolve \x3Csession_id>

API Reference

Key endpoints used:

GET /v1/website/{website_id}/conversations/{page} - List conversations
GET /v1/website/{website_id}/conversation/{session_id} - Get conversation details
GET /v1/website/{website_id}/conversation/{session_id}/messages - Get messages
POST /v1/website/{website_id}/conversation/{session_id}/message - Send message
PATCH /v1/website/{website_id}/conversation/{session_id}/read - Mark as read
PATCH /v1/website/{website_id}/conversation/{session_id} - Update/resolve

Base URL: https://api.crisp.chat

Notes

Always ask before sending customer replies to confirm tone/content
Check for meta.email in conversation for customer email
Verify CRISP_WEBSITE_ID, CRISP_TOKEN_ID, and CRISP_TOKEN_KEY are set before running commands
Use --json flag for script output when parsing programmatically

安全使用建议

This skill's code and docs match its claimed Crisp inbox functionality and it only needs Crisp plugin credentials, but the registry metadata incorrectly states that no environment variables are required — treat that as a red flag. Before installing: 1) Confirm you trust the skill owner/source (no homepage provided). 2) Verify the full script (the provided listing here was partially truncated) to ensure there are no hidden network calls or logging of secrets. 3) Create a Crisp plugin token with the minimum required scopes and prefer short-lived or revocable tokens; avoid placing tokens in long-lived shell profiles on shared machines. 4) Be aware the CLI can print full API responses (which may include visitor emails, IPs, or other metadata) so avoid running it in logs or screenshots where sensitive data could leak. 5) If you rely on automated policy checks, request that the registry metadata be corrected to declare CRISP_WEBSITE_ID, CRISP_TOKEN_ID, and CRISP_TOKEN_KEY (and the 'requests' dependency) before enabling the skill.

功能分析

Type: OpenClaw Skill Name: crisp Version: 1.0.0 The OpenClaw AgentSkills skill bundle for Crisp customer support is benign. The `scripts/crisp.py` script correctly uses environment variables for API authentication (CRISP_WEBSITE_ID, CRISP_TOKEN_ID, CRISP_TOKEN_KEY) and communicates solely with the official Crisp API at `https://api.crisp.chat`. There is no evidence of data exfiltration, malicious command execution, persistence mechanisms, or prompt injection attempts in `SKILL.md` or `README.md` that would lead to unauthorized actions or data access beyond the stated purpose of managing Crisp conversations.

能力评估

ℹ Purpose & Capability

The skill's name, README, SKILL.md, and script all describe Crisp inbox operations and use Crisp plugin credentials — that matches the stated purpose. However the registry metadata claims 'Required env vars: none' and 'Primary credential: none' while both SKILL.md and the script require CRISP_WEBSITE_ID, CRISP_TOKEN_ID, and CRISP_TOKEN_KEY. This metadata omission is an inconsistency that could mislead users or automated guards.

✓ Instruction Scope

The SKILL.md instructs the agent to call Crisp API endpoints (list conversations, get messages, send replies, mark read/resolve). The instructions only reference the Crisp API and the three environment variables; they do not ask the agent to read unrelated files or exfiltrate data to other endpoints. The README warns to store env vars securely and suggests installing 'requests'.

ℹ Install Mechanism

There is no install spec (instruction-only), which minimizes risk of arbitrary downloads. The script depends on the Python 'requests' package; the README instructs pip3 install requests. The registry metadata does not declare this dependency, which is a minor inconsistency to be aware of.

⚠ Credentials

The skill legitimately needs three Crisp credentials (website ID, token id, token key) and requests only those. However, the published metadata failed to list any required environment variables or primary credential — this mismatch is concerning because automated policy checks or users may not realize sensitive tokens are required or used. Also note that the README suggests adding tokens to shell profiles, which can persist secrets in plain text and may be inappropriate for some environments.

✓ Persistence & Privilege

The skill is not always-on and is user-invocable. It does not request system-wide persistence or modify other skills. Autonomous model invocation is allowed (default) but that is the platform norm and is not by itself flagged here.

版本历史

v1.0.0

Initial release – integrates Crisp customer support API. - Supports checking inbox, reading/searching conversations, sending and marking replies, and resolving conversations. - Requires authentication via environment variables for website ID and plugin token. - Includes example CLI workflows and key API endpoint documentation. - Security notes: credentials are stored via environment variables and never logged. - Recommends confirmation before sending replies and provides usage best practices.

元数据

Slug crisp

版本 1.0.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Crisp Skill 是什么？

Customer support via Crisp API. Use when the user asks to check, read, search, or respond to Crisp inbox messages. Requires Crisp website ID and plugin token (authenticated via environment variables CRISP_WEBSITE_ID, CRISP_TOKEN_ID, and CRISP_TOKEN_KEY). 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 1875 次。

如何安装 Crisp Skill？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install crisp」即可一键安装，无需额外配置。

Crisp Skill 是免费的吗？

是的，Crisp Skill 完全免费（开源免费），可自由下载、安装和使用。

Crisp Skill 支持哪些平台？

Crisp Skill 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Crisp Skill？

由 Minh Phan (Paul)（@paul-phan）开发并维护，当前版本 v1.0.0。

Crisp Skill