Total downloads: 94 · Favorites: 0 · Current installs: 0 · Versions: 2
Install in OpenClaw
/install openclaw-aligenie-push
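Description
A skill that proactively pushes messages to Tmall Genie. Triggers: (1) the user asks to "push to Tmall Genie" or "broadcast to Tmall Genie"; (2) the user needs to be notified through a Tmall Genie voice announcement; (3) a task completion status or reminder is to be pushed to a Tmall Genie device. Triggers: (1) the user asks to "push to Tmall Genie" or "broadcast to Tmall Genie"; (2) the user needs to be notified through a Tmall Genie voice announcement; (3) ...
Security usage recommendations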
Things to consider before installing:
- Manifest vs implementation: The package code expects ALIGENIE_PUSH_SERVER, ALIGENIE_APP_ID, ALIGENIE_APP_SECRET and ALIGENIE_DEVICE_OPEN_ID but the skill registry lists no required env vars or config paths — ask the publisher to correct the manifest so you know what secrets will be needed.
- DEPLOY inconsistency: DEPLOY.md describes a Java PushServer and compiled class files, but the package contains a Python Flask push-server.py. Confirm which server you are expected to run and obtain the correct, trusted server binary/source.
- Network exposure: DEPLOY.md instructs opening port 58472 to 0.0.0.0/0. Exposing a custom HTTP endpoint to the public internet is risky. If you must expose it, restrict source IPs in the security group, require TLS, and put authentication in front of the endpoint (API key, mutual TLS, or VPN).
- Secrets handling: The design permits sending AppSecret in the HTTP request body to the push server. Only run the push server on infrastructure you fully control and access over TLS. Prefer storing secrets in environment variables or a secrets manager (not in plain TOOLS.md in your home dir). Rotate AppSecret if it may have been exposed during testing.
- Verify code: Review push-server.py and push.py to ensure they only call the documented Aligenie endpoints and do not forward credentials to other endpoints. Use the provided mock-server.py for local testing first.
- Request fixes: Ask the publisher to (1) update the skill metadata to declare required env vars and config paths, (2) fix DEPLOY.md to match the provided server implementation, and (3) avoid advising 0.0.0.0/0 exposure without recommending authentication and TLS.
If these issues are addressed (manifest corrected, deployment instructions fixed, and a secure deployment pattern enforced), the skill's behavior is coherent with its purpose. Until then, treat it with caution.
Capability assessment
Purpose & Capability
The code and SKILL.md implement Aligenie push functionality (push.py, push-server.py, mock-server.py) which matches the skill description. However the skill manifest declares no required environment variables or config paths while the implementation clearly expects ALIGENIE_PUSH_SERVER, ALIGENIE_APP_ID, ALIGENIE_APP_SECRET, and ALIGENIE_DEVICE_OPEN_ID (via env or TOOLS.md). This mismatch is an incoherence.
Instruction Scope
SKILL.md and DEPLOY.md instruct deployment of a public push server and storing AppSecret/openId in TOOLS.md or environment variables. push.py will read ~/.openclaw/workspace/TOOLS.md and environment variables for secrets; push-server.py accepts appSecret in the request body or from env and will call Aligenie APIs. The instructions also tell you to open port 58472 to 0.0.0.0/0 — a risky, broad exposure. DEPLOY.md further contradicts the packaged code by describing a Java PushServer (preinstalled Java and compiled class files) while the repo contains a Python Flask push-server.py.
Install Mechanism
There is no remote install/download step; the package ships code files (Python) and instructions. No external arbitrary URL downloads are used. The code depends on common Python packages (requests, flask) which are expected and local.
Credentials
The implementation requires ALIGENIE_APP_ID and ALIGENIE_APP_SECRET (sensitive credentials) and ALIGENIE_PUSH_SERVER and ALIGENIE_DEVICE_OPEN_ID, but the skill registry metadata does not declare any required env vars or config paths. push.py also attempts to read ~/.openclaw/workspace/TOOLS.md for credentials, which is a local file-read that should have been declared. Accepting AppSecret in HTTP request body (push-server.py) means credentials may be transmitted over the network to whichever push_server is configured; if that server is misconfigured or untrusted, secrets could be exfiltrated.
Persistence & Privilege
The skill is not always-enabled and does not request platform-level persistence. It does not modify other skills or system-wide settings. However, the deployment instructions ask you to run a long-lived public server (recommended as a system service) which increases operational exposure.
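How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install openclaw-aligenie-push
- Once installation completes, call the Skill by name or use /openclaw-aligenie-push to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output
Version history
v1.0.2
- Corrected the configuration documentation example; the server address description is now more generic (Tencent Cloud → cloud server).
- Removed the restriction to a specific cloud provider from the prerequisites and configuration text, making them more generic.
- The end of the description field in SKILL.md contains duplicated content.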
v1.0.0
openclaw-aligenie-push v1.0.0
- Initial release of the skill for pushing proactive messages to Tmall Genie devices.
- Supports message broadcasting via commands or async Python function calls.
- Customizable parameters for text content, device type, and target device.
- Includes setup and configuration guide for Tmall Genie integration and server deployment.
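FAQ
What is Openclaw Aligenie Push?
A skill that proactively pushes messages to Tmall Genie. Triggers: (1) the user asks to "push to Tmall Genie" or "broadcast to Tmall Genie"; (2) the user needs to be notified through a Tmall Genie voice announcement; (3) a task completion status or reminder is to be pushed to a Tmall Genie device. Triggers: (1) the user asks to "push to Tmall Genie" or "broadcast to Tmall Genie"; (2) the user needs to be notified through a Tmall Genie voice announcement; (3) ... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 94 cumulative downloads so far.
How do I install Openclaw Aligenie Push?
Run the command "/install openclaw-aligenie-push" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is required.
Is Openclaw Aligenie Push free?
Yes, Openclaw Aligenie Push is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.
Which platforms does Openclaw Aligenie Push support?
Openclaw Aligenie Push is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Openclaw Aligenie Push?
It is developed and maintained by AxelHu (@axelhu); the current version is v1.0.2.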