← 返回 Skills 市场
690
总下载
0
收藏
2
当前安装
7
版本数
在 OpenClaw 中安装
/install lead-storage
功能描述
Persist validated lead objects through write-only storage operations after Supervisor provides explicit confirmation. Use when users ask to save approved lea...
使用说明 (SKILL.md)
Lead Storage
Store validated leads with strict confirmation gating.
Quick Triggers
- Save approved leads to Google Sheets.
- Persist these normalized records after confirmation.
- Commit validated leads with confirmation token.
Recommended Chain
... -> supervisor confirmation -> lead-storage
Execute Workflow
- Accept payload from Supervisor.
- Validate payload with
references/storage-input.schema.json. - Verify
confirmation_tokenis present and non-empty. - Write leads to storage through write-only interfaces.
- Preserve optional extraction/normalization/scoring metadata when present:
- extraction:
deal_type,asset_class,price_basis,area_sqft,area_basis - record typing:
dataset_mode,record_type - location:
city,city_canonical,locality_canonical,micro_market,location_hint - prioritization:
urgency,priority_bucket
- extraction:
- Enforce idempotency by
lead_idand avoid duplicate inserts for repeated broker forwards. - Return result using
references/storage-output.schema.json. - On partial failures, return
status: "failure"and a populatederror_message.
Enforce Boundaries
- Never parse raw messages.
- Never extract new lead entities.
- Never perform read queries for analytics or summaries.
- Never generate suggested actions.
- Never write anything when confirmation token is missing or invalid.
- Never self-approve writes.
Reliability Rules
- Prefer idempotent writes keyed by
lead_id. - Log rejected writes with validation reason.
- Fail closed on any permission ambiguity.
安全使用建议
Before installing or enabling this skill, get answers to these questions from the publisher or your integrator:
- Exactly which storage backends does the skill write to (Google Sheets, which DB types and endpoints)? Provide concrete endpoint formats.
- What credentials or config does it require (OAuth service account, GOOGLE_SHEETS_ID, DB_URL, DB_USER, DB_PASSWORD, etc.)? These should be declared explicitly so you can apply least privilege.
- Where and how are credentials stored/used? Prefer short-lived tokens or scoped service accounts with write-only permissions.
- How is the confirmation_token generated and validated? Confirm the skill cannot self-approve or accept spoofed tokens.
- Ask for an implementation description or code sample showing the write path (which SDKs/APIs are used) and confirmation that no reads or analytics queries are executed.
- Verify idempotency behavior (how duplicate lead_id is detected) and what logging/audit trails are produced for writes and rejections.
If the publisher can provide explicit, matching metadata (required env vars and config paths) and an implementation that only uses documented, auditable write-only connectors, the incoherence is resolved and the risk decreases. If they cannot, treat the skill as suspicious because it claims to perform privileged network writes but exposes no clear authentication or destination mechanism. Also consider data governance: this skill will persist PII (names, phone numbers); ensure compliance with your policies and test in a non-production environment first.
功能分析
Type: OpenClaw Skill
Name: lead-storage
Version: 1.0.6
The OpenClaw skill bundle 'lead-storage' is classified as benign. The `SKILL.md` provides clear, well-bounded instructions for the AI agent, explicitly stating negative constraints such as 'Never parse raw messages', 'Never perform read queries for analytics or summaries', and 'Never write anything when confirmation token is missing or invalid'. The input and output schemas (`references/storage-input.schema.json`, `references/storage-output.schema.json`) are strictly defined with `additionalProperties: false`, preventing unexpected data. There is no evidence of prompt injection, data exfiltration, malicious execution, persistence, or other harmful behaviors. The skill's design emphasizes controlled, confirmed, and write-only storage operations.
能力评估
Purpose & Capability
The skill's stated purpose is to persist leads to external storage (Google Sheets or DB). However, the registry metadata declares no required environment variables, credentials, or config paths. A storage-writing capability normally requires at least one destination credential (API key, DB URL, OAuth token, service account, etc.). The absence of any declared secrets or target configuration is disproportionate to the claimed purpose and creates an incoherence: the skill says it will perform writes but provides no explicit mechanism for authenticating to any storage.
Instruction Scope
SKILL.md gives a narrowly-scoped workflow (validate payload against schema, verify confirmation_token, perform write-only idempotent writes, return a structured result) and explicitly forbids parsing, extraction, reads, or self-approval. That is reasonable and conservative. However, the instructions reference generic "write-only interfaces" without specifying which interfaces/endpoints, how to authenticate, or what to do if multiple storage backends are available. That vagueness grants implementers broad discretion and could hide how and where data is sent.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. Nothing is written to disk by the skill itself. From an installation perspective this is low risk and consistent with a simple orchestration skill.
Credentials
The skill requests no environment variables or primary credentials, yet its description explicitly mentions Google Sheets or databases. Persisting personally identifiable information (names, phone numbers) to external services typically requires credentials and least-privilege configuration. The lack of declared required env vars or config paths is a red flag — either the skill relies on implicit platform connectors (not documented) or its metadata is incomplete/incorrect. Both possibilities warrant caution.
Persistence & Privilege
The skill does not request always:true and defaults allow normal invocation controls. It does not request modification of other skills or system-wide settings. The listed reliability rules (fail-closed, idempotency, logging) are appropriate. No elevated persistence or system privileges are requested.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install lead-storage - 安装完成后,直接呼叫该 Skill 的名称或使用
/lead-storage触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.6
Align broker-group contracts: dataset_mode, record_type, and expanded summary/prioritization schemas.
v1.0.5
Preserve richer extracted metadata fields in storage payload
v1.0.4
Preserve RE-India title and improve install-facing guidance
v1.0.3
Improve use-when clarity and chain guidance
v1.0.2
Rename display title with RE-India suffix
v1.0.1
Append RE-India suffix to display names
v1.0.0
Initial release of lead-storage skill.
- Supports write-only storage of validated leads with explicit Supervisor confirmation.
- Enforces strong boundaries: no parsing, extraction, analytics, or recommendations.
- Rejects any write attempts lacking a valid confirmation token.
- Handles partial failures with clear status and error messaging.
- Implements reliability rules including idempotent writes and robust validation.
元数据
常见问题
Lead Storage 是什么?
Persist validated lead objects through write-only storage operations after Supervisor provides explicit confirmation. Use when users ask to save approved lea... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 690 次。
如何安装 Lead Storage?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install lead-storage」即可一键安装,无需额外配置。
Lead Storage 是免费的吗?
是的,Lead Storage 完全免费(开源免费),可自由下载、安装和使用。
Lead Storage 支持哪些平台?
Lead Storage 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Lead Storage?
由 Vishal(@vishalgojha)开发并维护,当前版本 v1.0.6。
推荐 Skills