← 返回 Skills 市场
1607
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-huckleberry-skill
功能描述
Track baby sleep, feeding, diapers, and growth via Huckleberry app API. Use for logging baby activities through natural language.
安全使用建议
What to consider before installing:
- The SKILL.md and code require HUCKLEBERRY_EMAIL/HUCKLEBERRY_PASSWORD or a credentials file (~/.config/huckleberry/credentials.json); the registry metadata does not list these — expect to supply secrets if you use it.
- The script imports google.cloud.firestore and directly reads/writes Firestore documents (api._get_firestore_client()). That may cause the script to use Google Application Default Credentials (GOOGLE_APPLICATION_CREDENTIALS or gcloud user creds) if they exist — be careful: it can access other Google project credentials present on the host.
- The package installation is a pip install from a GitHub repo (not a vetted PyPI release). Review the upstream py-huckleberry-api repo and the included scripts/hb.py source yourself before installing.
- If you decide to use it: run in an isolated environment (dedicated VM/container or virtualenv), create a Huckleberry account with least-privilege credentials, avoid reusing sensitive Google credentials, and inspect the code paths that call Firestore to ensure writes are intended.
- If you need a cleaner trust boundary, request the publisher add explicit metadata for required env vars/config paths and document the Firestore usage (why direct Firestore access is necessary) so you can assess risk more precisely.
功能分析
Type: OpenClaw Skill
Name: openclaw-huckleberry-skill
Version: 0.1.0
This skill is classified as suspicious due to its reliance on a reverse-engineered API client (`py-huckleberry-api` from GitHub) and its direct interaction with Google Cloud Firestore. While the current implementation uses Firestore for benign purposes (extending note functionality and precise sleep logging), this direct, low-level access to the backend data store (as seen in `scripts/hb.py` via `api._get_firestore_client()` and `add_notes_to_latest_interval()`) represents a powerful capability that, if misused, could lead to unauthorized data manipulation or exfiltration. The installation from a GitHub URL also introduces a supply chain risk. There is no clear evidence of intentional malicious behavior, but these risky capabilities warrant a 'suspicious' classification.
能力评估
Purpose & Capability
Name/description claim to log baby activities via Huckleberry API which matches the included CLI. However the code also imports and uses google.cloud.firestore and calls api._get_firestore_client() to read/write Firestore documents directly — a capability not declared in the skill metadata (no required env vars or config paths were listed). The direct Firestore access is more powerful than a simple API wrapper and is not reflected in the registry metadata.
Instruction Scope
SKILL.md and the script instruct the agent to read credentials from environment variables or ~/.config/huckleberry/credentials.json and to install a GitHub-hosted Python package. The code performs direct Firestore reads/writes (bypassing a documented external service endpoint) and will attempt to use Google Application Default Credentials if present — this expands scope to include local config and cloud credentials beyond the Huckleberry username/password.
Install Mechanism
There is no registry install spec, but SKILL.md asks to pip install a GitHub repository (git+https://github.com/Woyken/py-huckleberry-api.git). Installing a package directly from a GitHub repo is common but higher-risk than a vetted PyPI release because it pulls arbitrary code from that repo.
Credentials
The repository metadata declared no required environment variables or config paths, yet SKILL.md and scripts require HUCKLEBERRY_EMAIL and HUCKLEBERRY_PASSWORD (or a credentials file) and the code may rely on Google Cloud credentials (ADC) for Firestore access. Required secrets are not declared in the skill metadata and additional implicit credential surfaces (Google Application Default Credentials, local config) exist.
Persistence & Privilege
always is false and the skill does not request system-wide persistent installation in the registry. The script will read/write a credentials file under the user's home (~/.config/huckleberry) and may access Google Cloud ADC, but it does not modify other skills or request elevated platform-wide privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-huckleberry-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-huckleberry-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release of the huckleberry baby activity tracking skill.
- Enables tracking of baby sleep, feeding (breast and bottle), diapers, and growth via the Huckleberry app's API and CLI tools.
- Supports logging via natural language with built-in follow-up prompts for missing details (e.g., bottle amount, diaper type).
- Provides agent guidelines to always include AI attribution in notes for logging actions.
- Offers detailed CLI usage examples and a comprehensive parameter reference for all activity types.
- Allows flexible setup: environment variables or config file for credentials, with easy pip installation.
元数据
常见问题
Huckleberry 是什么?
Track baby sleep, feeding, diapers, and growth via Huckleberry app API. Use for logging baby activities through natural language. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1607 次。
如何安装 Huckleberry?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-huckleberry-skill」即可一键安装,无需额外配置。
Huckleberry 是免费的吗?
是的,Huckleberry 完全免费(开源免费),可自由下载、安装和使用。
Huckleberry 支持哪些平台?
Huckleberry 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Huckleberry?
由 aaronn(@aaronn)开发并维护,当前版本 v0.1.0。
推荐 Skills