← 返回 Skills 市场

跨境卫士客户端

Name: 跨境卫士客户端
Author: mosquitood

作者 mosquitood · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install kuajingvs

功能描述

Use this skill when the user wants to call, test, debug, or integrate the 跨境卫士客户端 API defined by the bundled OpenAPI specification. Handles endpoint discover...

使用说明 (SKILL.md)

\r \r

跨境卫士客户端\r

\r Use this skill when the task involves interacting with the 跨境卫士客户端 API, including:\r \r

understanding available endpoints\r
generating curl commands\r
filling path, query, header, and body parameters\r
handling authentication\r
testing API requests\r
debugging request and response failures\r
translating user intent into concrete API calls\r \r

Bundled references\r

\r Before making assumptions about endpoints, request bodies, or response schemas, read the bundled OpenAPI specification from one of the following files:\r \r

references/openapi.yaml\r
references/openapi.json\r \r If present, also read:\r \r
references/auth.md\r \r Do not invent endpoints, fields, enum values, request formats, or response shapes that are not defined by the bundled specification or auth notes.\r \r

Workflow\r

Read the OpenAPI spec and identify the correct path and HTTP method.\r
Determine:\r
- base URL or server\r
- authentication scheme\r
- required headers\r
- path parameters\r
- query parameters\r
- request body schema\r
- expected response schema\r
Translate the user's goal into a concrete API call.\r
Prefer showing the exact curl command before or alongside execution when that improves transparency.\r
Use safe shell quoting when constructing commands.\r
Never expose secrets in full.\r
Summarize the result clearly, including the HTTP status code and important response fields.\r \r

Authentication rules\r

First inspect the OpenAPI spec for the declared security scheme.\r
If references/auth.md exists, follow it as the source of truth for authentication details not fully expressed in the OpenAPI document.\r
If credentials are already available in environment variables or local config, use them.\r
Never print secret values in full.\r
If a token or key must be shown for debugging, redact the middle portion.\r \r Common environment variable patterns to check:\r \r
BASE_URL\r
API_APP_ID\r
API_APP_SECRET\r
X_APP_ID\r
X_APP_SECRET\r
API_KEY\r
ACCESS_TOKEN\r
BEARER_TOKEN\r \r If the local auth notes define different names, follow those instead.\r \r

Request construction rules\r

Path parameters\r

\r Always substitute all required path parameters.\r \r

Query parameters\r

\r Only include query parameters that are relevant or explicitly requested. Do not send null or empty values unless the API expects them.\r \r

Request body\r

\r Build JSON request bodies that conform to the schema in the OpenAPI specification. If the schema has required fields, ensure they are present before sending the request.\r \r

Headers\r

\r Always include:\r \r

Accept: application/json\r \r Include:\r \r
Content-Type: application/json\r \r when sending JSON request bodies.\r \r If the API uses custom authentication headers such as x-app-id and x-app-secret, include them on every authenticated request.\r \r

Execution pattern\r

\r Prefer this style for JSON requests:\r \r

curl -sS \\r
  -X POST "$BASE_URL/example/path" \\r
  -H "Accept: application/json" \\r
  -H "Content-Type: application/json" \\r
  --data '{...}'

安全使用建议

This skill appears to be a straightforward OpenAPI-based API client, but it contains plaintext API credentials in references/auth.md. Before installing: (1) Treat those embedded x-app-id/x-app-secret values as sensitive — verify whether they are just examples or real keys; if real, do not use them for production and rotate/remove them. (2) Confirm the server/base URL is correct (the OpenAPI uses a 127.0.0.1 placeholder). (3) Be aware the SKILL.md tells the agent to check environment variables and local config for credentials — if you install, avoid exposing production secrets in the environment or remove them from the agent's runtime. (4) If you don't trust the embedded credentials, request a version of the skill with auth samples redacted or with instructions to read credentials only from clearly named, user-provided env vars. If you need additional assurance, ask the maintainer whether the credentials are samples and request their removal.

功能分析

Type: OpenClaw Skill Name: kuajingvs Version: 1.0.0 The skill is designed to facilitate interaction with the local API of the '跨境卫士' (Cross-border Guardian) client, a legitimate tool used by e-commerce sellers for account isolation. It provides an OpenAPI specification (`references/openapi.yaml`) and authentication guidelines (`references/auth.md`) to manage shop instances and retrieve Selenium connection details. The instructions in `SKILL.md` are well-structured for API interaction, and no indicators of data exfiltration, malicious execution, or prompt injection were found.

能力标签

requires-sensitive-credentials

能力评估

✓ Purpose & Capability

Name/description, the bundled OpenAPI, and the requested binaries (curl, python3) align: this is an instruction-only API client for the provided OpenAPI spec and curl-based testing.

ℹ Instruction Scope

SKILL.md stays mostly on-task (read the OpenAPI, construct requests, prefer showing curl, redact secrets). It does instruct the agent to check environment variables and 'local config' for credentials and lists common env var names to try; that is reasonable for an API client but gives the agent discretion to inspect environment variables beyond the skill's own files.

✓ Install Mechanism

No install spec and no code files — instruction-only — so nothing is written to disk by the skill itself. This is the lowest-risk install profile.

⚠ Credentials

The bundled references/auth.md includes plaintext x-app-id and x-app-secret values. That is unexpected given SKILL.md's rule 'Never expose secrets in full.' Embedding usable credentials in the skill files can cause accidental use or disclosure. The skill does not request unrelated cloud/provider credentials, but the presence of embedded secrets is disproportionate and risky if those keys are real or have any privileges.

✓ Persistence & Privilege

always is false and there is no mechanism to persist or alter other skills or system-wide settings. The skill can be invoked autonomously by the agent (default), which is normal; this is not combined with elevated privileges here.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install kuajingvs
安装完成后，直接呼叫该 Skill 的名称或使用 /kuajingvs 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of 跨境卫士客户端 skill. - Provides integration and interaction with 跨境卫士客户端 API using OpenAPI specification. - Automates endpoint discovery, request construction, authentication handling, and parameter validation. - Generates curl commands for transparency and debugging. - Interprets API responses and summarizes key results. - Follows provided OpenAPI and authentication documentation for accurate request formatting and secure handling of secrets.

元数据

Slug kuajingvs

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题