honor

Provides JSON API commands to fetch Picqer dashboard KPIs, picklists, stock movements, and revenue data for order fulfillment monitoring.

This package contains a Picqer dashboard implementation that will read PICQER_SUBDOMAIN and PICQER_API_KEY from environment and will start a background sync every 5 minutes. Before installing: (1) confirm the skill metadata is corrected to declare required env vars (PICQER_SUBDOMAIN, PICQER_API_KEY); (2) verify you are comfortable storing the Picqer API key in the local .env and that the runtime enforces the stated access restrictions (Tailscale); (3) accept that the skill will perform autonomous periodic network calls (cron) even when not invoked via commands; and (4) review the code yourself or run in an isolated environment to ensure no hidden exfiltration. If you want a stricter review, ask for verification that the skill will not run the cron when disabled and request the author to update SKILL.md/registry metadata to list required env vars and document the background sync.

Type: OpenClaw Skill Name: picqer-fulfillment Version: 1.0.0 The OpenClaw skill 'picqer-fulfillment' is designed for fetching and processing Picqer dashboard data. It securely handles API keys by loading them from environment variables via `dotenv` (`env.ts`) and uses them for authenticated requests to the Picqer API (`picqer-api.ts`). Input filters are safely incorporated into URL query parameters, preventing injection vulnerabilities. The `SKILL.md` explicitly instructs the agent to provide JSON-only responses, mitigating prompt injection risks against the agent itself. While `cron.ts` sets up a recurring task, its purpose is benign data synchronization, and no evidence of malicious execution, data exfiltration to unauthorized endpoints, or persistence mechanisms beyond its stated function was found. The markdown rendering functions in `dashboard-renderer.ts` are not intended for the agent's output, as per `SKILL.md`.