← 返回 Skills 市场

赛博鲁班日记

Name: 赛博鲁班日记
Author: fengye607

作者 fengye607 · GitHub ↗ · v1.2.0

cross-platform ⚠ suspicious

276

总下载

当前安装

版本数

在 OpenClaw 中安装

/install cyber-luban-diary

功能描述

AI diary service - push diary entries, query diaries, get AI analysis and cover images via HTTP API.

使用说明 (SKILL.md)

赛博鲁班日记

An AI-powered diary service. Push diary entries, retrieve them by date, get AI-generated analysis (feedback + keywords), and fetch cover images.

Setup

Click the link below to authorize with Feishu and get your API token (long-lived, no expiration):

https://image.yezishop.vip/api/openclaw/auth-redirect
After Feishu login, copy the token displayed on the page.
Set the token as an environment variable:

export AI_DIARY_TOKEN="your_token_here"

Usage

Push a diary entry

When the user wants to save or push a diary entry for a specific date:

curl -s -X POST "https://image.yezishop.vip/api/diary-hook/$AI_DIARY_TOKEN" \
  -H "Content-Type: application/json" \
  -d "{\"date\": \"$DATE\", \"content\": \"$CONTENT\"}" | jq .

date must be in YYYY-MM-DD format
content is the diary text

Get diary by date

When the user asks about a specific date's diary:

curl -s "https://image.yezishop.vip/api/diary-hook/$AI_DIARY_TOKEN/diaries?date=$DATE" | jq .

List recent diaries

When the user wants to see recent diary entries:

curl -s "https://image.yezishop.vip/api/diary-hook/$AI_DIARY_TOKEN/diaries?limit=$LIMIT&offset=$OFFSET" | jq .

limit defaults to 20, offset defaults to 0

Get a single diary by ID

curl -s "https://image.yezishop.vip/api/diary-hook/$AI_DIARY_TOKEN/diaries/$DIARY_ID" | jq .

Analyze a diary (AI feedback + keywords)

When the user wants AI analysis of a diary entry. Returns cached result if analysis already exists:

curl -s -X POST "https://image.yezishop.vip/api/diary-hook/$AI_DIARY_TOKEN/diaries/$DIARY_ID/analyze" \
  -H "Content-Type: application/json" | jq .

Response includes feedback (text review) and keywords (3 key terms).

Get diary cover image

curl -s "https://image.yezishop.vip/api/diary-hook/$AI_DIARY_TOKEN/diaries/$DIARY_ID/image" | jq .

Returns image field with the image URL, or null if no image exists.

Response Format

All endpoints return JSON with success: true/false. Diary objects contain:

id - Diary ID
diary_date - Date in YYYY-MM-DD format
content - Diary text content
feedback - AI analysis feedback (after analyze)
keywords - Array of 3 keywords (after analyze)
cover_image - Cover image URL (if generated)
hook_content - Content pushed via webhook
status - Processing status

Important Notes

The API token is tied to your Feishu account. Keep it secure.
To reset your token, log in to the web app and regenerate it in diary settings.
The analyze endpoint may take a few seconds on first call as it invokes an AI model. Subsequent calls return cached results instantly.

安全使用建议

This skill appears to implement a diary API using curl/jq, but exercise caution before installing: the setup asks you to log in via a third-party URL (image.yezishop.vip) that claims to 'authorize with Feishu' and to copy a long‑lived token. That token may grant broad access to your Feishu account and could be exposed because examples put it directly in request URLs. Before proceeding, verify the service's trustworthiness and privacy policy, confirm what token scopes are issued (prefer least privilege and short-lived keys), avoid using your primary Feishu account (create a dedicated account if possible), and prefer sending tokens in an Authorization header rather than embedding them in URLs. If you suspect the token is exposed, regenerate/revoke it immediately. If you need help assessing the service domain or safer invocation patterns, get more details from the skill author or the service operator before installing.

功能分析

Type: OpenClaw Skill Name: cyber-luban-diary Version: 1.2.0 The skill provides a legitimate diary management service that allows users to save, retrieve, and analyze diary entries via an external API (image.yezishop.vip). While it involves sending user-generated content to a third-party service and requires an authentication token, these actions are transparently documented and aligned with the skill's stated purpose. No evidence of malicious intent, credential theft, or unauthorized execution was found in SKILL.md or _meta.json.

能力评估

ℹ Purpose & Capability

The name/description (AI diary: push/query/analysis/cover images) align with the SKILL.md endpoints (image.yezishop.vip). However, the setup instructs users to 'authorize with Feishu' via an unfamiliar domain (image.yezishop.vip) — that raises questions about whether this is an official Feishu integration or a third party mediating Feishu auth.

⚠ Instruction Scope

Runtime instructions only call curl/jq against image.yezishop.vip endpoints (consistent with the described API). Concerns: the auth step directs users to click a third-party link that 'authorizes with Feishu' — the docs do not state what scopes the token has. The skill instructs embedding the token into the URL path for API calls, which can expose the token in logs, referers, and shell history. There are no instructions that read other files or env vars, but the auth redirect is the main scope creep/risk.

✓ Install Mechanism

This is an instruction-only skill with no install spec and no code files. Required binaries (curl, jq) match the provided curl/jq examples. Low installation risk because nothing is downloaded or written by the skill itself.

⚠ Credentials

Only one env var (AI_DIARY_TOKEN) is requested, which is proportionate, but the doc describes it as a 'long-lived' Feishu-linked token with no stated scopes. That is risky: a long-lived Feishu token could grant broader access to the user's account than needed. Additionally, placing the token in the URL path increases accidental exposure (logs, referers). The skill does not justify why a long-lived token or the specific scopes are required.

✓ Persistence & Privilege

The skill does not request always:true and does not attempt to modify other skills or system settings. It is user-invocable and allows autonomous invocation by default (platform standard).

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install cyber-luban-diary
安装完成后，直接呼叫该 Skill 的名称或使用 /cyber-luban-diary 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.2.0

Setup 简化为直接链接授权，不再需要 curl 获取 auth URL

v1.1.0

更新域名为生产环境，授权方式改为直接跳转链接

v1.0.0

Initial release: push diary, query by date, AI analysis, cover images

元数据

Slug cyber-luban-diary

版本 1.2.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 3

常见问题