Total downloads: 134
Favorites: 0
Current installs: 0
Versions: 3
Install in OpenClaw
/install prestashop-bridge-v1
Description
Secure skill pack for operating a PrestaShop 9 Bridge through a stable, signed, asynchronous API contract.
Security usage recommendations
Do not install or use this pack until you confirm a few things:
1) The registry/manifest shown to the platform should list the same required environment variables declared inside _meta.json and docs—if the platform shows none, ask the publisher why.
2) Verify the package actually includes .env.bridge.example and examples.http referenced by the validator; those files appear to be missing from the provided manifest.
3) Inspect validators/validate_examples.py: it contains a hard-coded SECRET used to compute example HMACs — treat this as an example secret only and ensure you never deploy or reuse it in production.
4) Confirm the package origin and homepage/source (source is unknown here); prefer packages with a verifiable upstream repo or publisher.
5) If you plan to deploy, ensure secrets (oauth client secret, HMAC secrets, JWT private key, DATABASE_URL, REDIS_DSN) are provided through secure secret storage and not committed.
6) Ask the publisher to fix metadata inconsistencies (registry requirements, included example files) and to remove or clearly label any embedded test secrets before trusting automated agents with these credentials.
Functional analysis
Type: OpenClaw Skill
Name: prestashop-bridge-v1
Version: 1.0.3
The PrestaShop Bridge V1 skill bundle is a well-structured and security-focused integration for AI agents. It implements robust security measures including OAuth2 (RS256), HMAC-SHA256 request signing, and strict JSON schema validation (additionalProperties: false). The SKILL.md file contains safety-oriented 'Absolute refusal rules' that explicitly prohibit the agent from accessing the filesystem or database directly, ensuring it stays within the defined API boundary. The included validation script (validators/validate_examples.py) and comprehensive documentation demonstrate a high level of engineering rigor without any signs of malicious intent or obfuscation.
Capability assessment
Purpose & Capability
The SKILL.md, README, openapi.yaml, and schemas consistently describe a PrestaShop Bridge that legitimately requires secrets (OAuth client credentials, JWT keys, HMAC secret), Redis and MySQL access. However the registry-level 'Requirements' summary (top of the provided metadata) lists no required environment variables or config paths, which is inconsistent with _meta.json, docs, and the validator that all declare many required runtime variables. This mismatch between published metadata and the package contents is a red flag (either metadata was omitted or the package may be incomplete).
Instruction Scope
The SKILL.md instructions themselves are narrowly scoped to API usage, signing, and polling and explicitly forbid direct DB/filesystem access. That is coherent for a bridge contract. However the included validator script reads local files and expects a .env file and examples.http; the SKILL.md and docs instruct maintainers to run the validator and to verify exact HMAC examples. The validator also embeds a fixed SECRET used to compute example HMACs, which leaks an example signing secret inside the package and increases the chance someone will accidentally reuse it.
Install Mechanism
This is an instruction-only pack with no install spec and no external downloads — low installation risk. The only code files are small validators/eval scripts included for local verification.
Credentials
The package (in _meta.json and docs) declares many sensitive environment variables (OAUTH_CLIENT_SECRET, JWT_PRIVATE_KEY_PATH, HMAC_SECRET_CURRENT/PREVIOUS, DATABASE_URL, REDIS_DSN, etc.), which are proportionate to the stated bridge purpose. The problem is the registry-level requirements shown to the platform were empty; that inconsistency could cause a user to install without providing required secrets. Additionally, validators/validate_examples.py embeds a long hex SECRET constant — this is a hard-coded secret inside the repo (not a platform requirement) and could be mistaken for a runtime secret or misused; it's poor hygiene and may aid attackers if reused.
Persistence & Privilege
The skill does not request permanent platform presence (always:false) and does not request elevated platform privileges. It does not modify other skills. Autonomous invocation remains enabled (normal), but there is no combination of 'always' plus broad credentials here.
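How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install prestashop-bridge-v1
- After installation, call the Skill by name or use /prestashop-bridge-v1 to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output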
Version history
v1.0.3
Version 1.0.3 fixes publication trust issues by aligning package version metadata, declaring the environment contract explicitly, replacing all placeholder HMAC signatures with exact computed values, and strengthening local validation for examples and runtime requirements.
v1.0.1
Improved trust and validation for PrestaShop Bridge V1.
Added quickstart, environment guide, trust and safety documentation, a local validator, split examples, schema-bound examples, and a clearer security policy.
v1.0.0
PrestaShop Bridge V1 1.0.1 introduces an extensive security and operational contract for stable interaction with PrestaShop 9 via modern API best practices.
- OAuth2 (client credentials) with JWT (RS256) required for authentication and scope-based access.
- HMAC SHA256 signing mandatory for all protected endpoints; includes strict signing protocol.
- Synchronous reads, asynchronous writes, job polling, strict idempotency via X-Request-ID.
- Complete API docs for core operations: read/write products/orders, import, and job status.
- Rate limits, payload limits (10MB), compression guidelines, and explicit error/response handling documented.
- Robust security, refusal, and usage rules laid out for reliability and compliance.
Frequently asked questions
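What is PrestaShop Bridge V1?
Secure skill pack for operating a PrestaShop 9 Bridge through a stable, signed, asynchronous API contract. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 134 total downloads to date.
How do I install PrestaShop Bridge V1?
Run the command "/install prestashop-bridge-v1" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is PrestaShop Bridge V1 free?
Yes, PrestaShop Bridge V1 is completely free, released under the MIT-0 license, and can be freely downloaded, installed and used.
Which platforms does PrestaShop Bridge V1 support?
PrestaShop Bridge V1 runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed PrestaShop Bridge V1?
It is developed and maintained by Ansz089 (@ansz089); the current version is v1.0.3.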