← 返回 Skills 市场

Dawang

Name: Dawang
Author: puckguo

作者 puckguo · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

103

总下载

当前安装

版本数

在 OpenClaw 中安装

/install dawang

功能描述

Dawang Workspace配置和技能索引

使用说明 (SKILL.md)

Dawang Workspace Skills

Workspace概述

Dawang是执行Agent，负责代码编写、脚本开发、技术实现。

本Workspace Skills

vtrain-food-analyzer

V-Train饮食数据分析器

位置: ~/.openclaw/workspaces/dawang/skills/vtrain-food-analyzer/
功能: 获取用户饮食记录，生成可视化报告

全局Skills引用

以下Skills在dawang中常用：

Skill	描述	位置
`dianping-screenshot`	大众点评截图	global
`feishu-send-image`	飞书发图	global
`web-scraper`	网页抓取	global

Chrome调试模式

大众点评等网站截图需要Chrome调试模式：

# 启动调试模式
open -a "Google Chrome" --args --remote-debugging-port=9222

端口: 9222

安全使用建议

This package appears to be a full local workspace with automation scripts, but several red flags exist: it contains hard-coded tokens (gateway token in scripts/compact_session.py), plaintext Feishu app credentials in memory files, cookie/session dumps, and scripts that edit agent.json and copy sessions between agents. These actions can expose or move sensitive data and change other agents' state. Do not install or run this skill on a production machine or with real credentials unless you: (1) audit and remove or rotate any hard-coded secrets, (2) review and sandbox or disable scripts that modify /Users/<user>/.openclaw/agents/* and sessions, (3) ensure Feishu/third-party credentials are provided via environment variables or secure vaults rather than left in files, and (4) run the code in an isolated test environment first. If you trust the author and need the functionality, at minimum remove or rotate embedded tokens and thoroughly review fix-* and compact_session scripts before use.

功能分析

Type: OpenClaw Skill Name: dawang Version: 1.0.0 The skill bundle contains multiple high-risk security issues, including hardcoded Feishu APP_SECRETs (scripts/podcasts/update_feishu.py), hardcoded Gateway tokens (scripts/compact_session.py), and live session cookies for dianping.com (beijing-bbq/dianping_cookies.json). It also includes self-modifying Python scripts (scripts/fix_final.py) that programmatically edit other skill files. While these appear to be part of a highly customized personal automation setup for fitness and podcast tracking, the inclusion of active credentials and self-patching logic is extremely risky. Additionally, SOUL.md contains strong persona-enforcement instructions that command the agent to hide its AI identity and strictly forbid it from allowing the user to perform manual tasks, which functions as a targeted prompt injection for identity obfuscation.

能力标签

cryptocan-make-purchasesrequires-oauth-token

能力评估

⚠ Purpose & Capability

Name/description (workspace config & skill index) matches many files that are local workspace tooling (cron, heartbeat, scrapers, feeders). However the bundle also includes utilities that directly manipulate other agent state/config (fix-agent-sessions.js, fix-sessions-complete.js), a WebSocket client that uses a hard-coded gateway auth token, and many exported data files (cookies, user data, phone/email). Some of these capabilities (editing agent.json across agents, direct gateway access) go beyond a simple 'index/config' description.

⚠ Instruction Scope

The SKILL.md text is minimal and benign, but the included files instruct or implement actions that read local config and secrets (feishu token lookups, reading ~/.openclaw config files, local cookies), connect to the local gateway (ws://127.0.0.1:18789) with a hard-coded token, and perform session migration/copying between agent directories. The runtime instructions in code access local files and modify agent configs/sessions not referenced in SKILL.md.

ℹ Install Mechanism

No external install/download mechanism is declared (instruction-only install), so nothing is pulled from remote during install. However the published bundle already contains many executable scripts and data files — installing this skill will place those files on disk and could grant them local execution when invoked.

⚠ Credentials

Registry metadata declares no required env vars, but multiple scripts expect or try to read secrets: FEISHU_APP_ID/FEISHU_APP_SECRET (and memory files contain plaintext Feishu app id/secret), a hard-coded gateway TOKEN is present in scripts/compact_session.py, and there are cookie/session files with session tokens for external sites (dianping). The skill therefore packages and uses multiple sensitive credentials without declaring or justifying them in SKILL.md.

⚠ Persistence & Privilege

The bundle contains scripts that modify other agents' configuration and session directories (fix-agent-sessions.js updates agent.json and sessions for multiple agents). While always:false and model invocation allowed are normal, these scripts have the ability to change system-wide agent state and copy session data across agents — a high-privilege action that should be explicitly documented and justified.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install dawang
安装完成后，直接呼叫该 Skill 的名称或使用 /dawang 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

- Initial release of dawang-workspace. - Documents the workspace overview and lists available skills. - Adds vtrain-food-analyzer for dietary data analysis and visualization. - References commonly used global skills: dianping-screenshot, feishu-send-image, and web-scraper. - Provides instructions for enabling Chrome debug mode for web screenshot functionality.

元数据

Slug dawang

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Dawang 是什么？

Dawang Workspace配置和技能索引. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 103 次。

如何安装 Dawang？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install dawang」即可一键安装，无需额外配置。

Dawang 是免费的吗？

是的，Dawang 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Dawang 支持哪些平台？

Dawang 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Dawang？

由 puckguo（@puckguo）开发并维护，当前版本 v1.0.0。