← 返回 Skills 市场
push-task-to-negative-screen
作者
Minus One Screen
· GitHub ↗
· v1.0.21
· MIT-0
262
总下载
0
收藏
0
当前安装
16
版本数
在 OpenClaw 中安装
/install push-task-to-negative-screen
功能描述
通用任务结果推送器,当任务完成后将结果推送到负一屏。使用统一的标准数据格式,支持各种类型的任务结果推送。
安全使用建议
Key things to consider before installing: 1) The SKILL.md claims no credentials are needed, but the code reads a local .xiaoyienv and OpenClaw global config to obtain PERSONAL-API-KEY and PERSONAL-UID and then sends them as request headers — confirm where those files/keys come from in your environment. 2) The client uses a hard‑coded remote endpoint (https://lfhagmirror.hwcloudtest.cn:18449/...), so data will be sent there unless you audit and change the code; the skill does not make the full credential/endpoint usage obvious. 3) The code prints the key values when it finds them (stdout/log), which can leak secrets into logs; search the code for read_xiaoyienv and avoid using sensitive credentials if you cannot change that behavior. 4) If you still want to use it: run in a controlled environment first (dry-run), inspect/modify hiboards_client.py to remove printing of secrets and to make the endpoint configurable, set save_records=false and rotate or avoid storing sensitive content in task_content, and verify all outgoing network targets. 5) If you cannot or do not want to modify the code, do not provide real production credentials or place them in ~/.openclaw/.xiaoyienv; instead, use a sandbox account or a local endpoint for testing. 6) Because documentation and code disagree about authentication, treat this skill as untrusted until you perform the above audits.
功能分析
Type: OpenClaw Skill
Name: push-task-to-negative-screen
Version: 1.0.21
The skill is a task notification tool designed to push markdown content to Huawei's 'Negative Screen' (Celia/Hiboards) service. It functions by reading local authentication credentials (API keys and UIDs) from a specific environment file (`.xiaoyienv`) and transmitting them along with task data to a hardcoded Huawei cloud endpoint (`hwcloudtest.cn`). While the handling of local credentials and external network communication are high-risk capabilities, they are explicitly documented in `SKILL.md`, `README.md`, and `SECURITY.md`, and are strictly aligned with the stated purpose of the skill. No evidence of obfuscation, unauthorized data exfiltration, or malicious prompt injection was found.
能力评估
Purpose & Capability
Name/description: push task results to a 'negative screen' (hiboard) — that purpose is coherent with the code that formats and POSTs JSON. Concern: the code hard‑codes a specific remote endpoint (lfhagmirror.hwcloudtest.cn:18449) and embeds Huawei-related headers; the SKILL.md suggests the user can configure endpoints or that 'cloud auto-obtains authentication' and that no secrets are required. Requiring (or using) a fixed remote service without making that explicit to the user is disproportionate to the advertised 'generic push' purpose.
Instruction Scope
SKILL.md instructs running the provided Python scripts and states no authentication is needed, but the runtime instructions and code access OpenClaw global config and a local .xiaoyienv file (path /home/sandbox/.openclaw/.xiaoyienv) to obtain PERSONAL-API-KEY and PERSONAL-UID. The client prints or logs those values and then attaches them to requests. The instructions do not disclose that the skill will read local files for secrets or that it will post to the hard‑coded external endpoint.
Install Mechanism
No install specification (instruction-only skill), and only a standard Python dependency (requests) is listed. No external downloads or installers are used. The code bundle itself is shipped with the skill (multiple Python files) — that makes the runtime behavior important to review, but there is no high‑risk remote install step.
Credentials
Registry metadata declares no required env vars or credentials, yet the code reads global OpenClaw config (~/.openclaw/openclaw.json) and a hardcoded .xiaoyienv file for PERSONAL-API-KEY and PERSONAL-UID. Those secrets are not declared in requires.env nor documented as required in the top-level metadata. The code also prints key values to stdout/logs, increasing the chance of secret leakage.
Persistence & Privilege
The skill creates local log and record files (logs/, push_records/) and uses them for auditing — that matches the documentation. It does not request always:true and does not appear to modify other skills. However, it will persist push records by default (save_records=true) and log events; combined with printing secret values, local storage could retain sensitive data unless disabled or cleaned.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install push-task-to-negative-screen - 安装完成后,直接呼叫该 Skill 的名称或使用
/push-task-to-negative-screen触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.21
- Minor update to code files: scripts/hiboards_client.py and scripts/task_pusher.py.
- No significant user-facing changes; main skill documentation and usage remain the same.
- Internal code changes may include refactoring or bug fixes not affecting public APIs or workflow.
v1.0.20
**Summary:**
Cloud authentication replaces user-provided auth code. Push URL is now fixed, not configurable.
- 移除了本地和全局授权码 (authCode) 配置,云端自动完成身份验证
- 推送服务 URL(pushServiceUrl)固定,无需配置,相关配置项已移除
- 代码与文档同步简化配置项,删除所有与授权码和可配置URL相关内容
- 删除/scripts/auth_manager.py,减少冗余配置和敏感信息处理
- README.md、SKILL.md、SECURITY.md等全面更新,强调无需身份验证配置与数据安全
- 保留数据推送、日志记录与推送成功后智能更新检查的主要工作流程
v1.0.19
push-task-to-negative-screen v1.0.19
- Removed the file: image_understanding.py
- Added the file: .idea/workspace.xml
No functional or user-facing changes documented.
v1.0.18
Version 1.0.18
- Initial release of the skill repository.
- Added all core scripts and logic for task result push to negative screen via unified JSON format.
- Provided detailed security, configuration, and data handling documentation.
- Included tools for JSON creation and version update checking.
- Set up local logging, record keeping, and flexible push endpoint support.
- Delivered comprehensive instructions for required configuration and secure operation.
v1.0.17
**重大变更:推送接口全面切换为 JSON 文件方式,保障推送内容的格式完整性**
- 仅支持通过 `--data` 参数输入 JSON 文件推送任务结果,不再支持 `--name`、`--content` 等命令行参数。
- 推出脚本 `scripts/create_task_json.py`,可从 Markdown 文件和任务名快速生成标准 JSON 输入。
- JSON 推送方式完全保留 Markdown 格式,避免命令行转义和编码丢失。
- 文档与工作流说明全面更新,强调只使用 JSON 工作流,并提供创建与推送步骤示例。
- 其他推送流程、配置和安全机制保持不变。
v1.0.16
- 更新推送服务URL默认值:将所有默认的华为推送端点修改为以 hiboard-claw-drcn 开头的新域名。
- 明确说明技能更新检查涉及网络请求,仅在此项为可选,其他所有网络访问均指向用户配置的目标端点。
- 优化安全说明,强调技能更新检查会联系 ClawHub 获取版本信息。
- 若干格式优化和示例推送URL/配置内容同步到最新。
- 其他内容和配置要求未发生变动。
v1.0.14
- 文档进行了精简,移除了原有 SKILL.md 中冗余和重复的内容。
- 保留并强化了推送流程、更新检查策略、安全说明、配置要求和标准数据格式等核心要点。
- 删除了部分底层实现细节、时间戳使用示例和过于细致的脚本说明,使技能描述更加聚焦和简洁。
- 技能功能和配置接口保持不变,不涉及核心逻辑变动。
- 适合所有用户快速了解技能功能和配置方法。
v1.0.13
Initial release with version 1.0.0
- 新增任务推送主脚本、诊断、版本管理等多个脚本文件
- 支持任务完成后推送结果到负一屏,采用标准格式,兼容多种类型任务
- 集成自动技能版本检查:推送成功后可根据策略智能提醒是否有新版本(仅在有更新或异常时提醒)
- 提供详细安全声明,所有推送均走用户配置端点、敏感数据脱敏处理
- 本地化推送记录、日志,支持灵活配置与审计
- 显著优化时间戳与内容格式规范,提升与负一屏服务兼容性
v1.0.8
push-task-to-negative-screen v1.0.7
- 文档规范化:统一推送数据标准格式,明确各字段的“必填”要求。
- 调整“标准数据格式”与“输入要求”部分,去除冗余嵌套层级,简化数据结构说明。
- 明确周期性与非周期性任务ID的对应关系和标准输入输出格式。
- 其余功能无变动,仅文档内容调整,无功能更新。
v1.0.7
Version 1.0.7
- 新增数据存储说明,详细介绍了日志目录(logs/)和推送记录目录(push_records/)的用途、存储内容及隐私保护措施。
- 强调本地存储全部可控,敏感信息(如授权码)会在日志中脱敏显示。
- 提示可通过配置关闭记录保存功能,并推荐用户定期管理本地文件,保障隐私安全。
- 其余功能、配置项和接口保持不变。
v1.0.6
**Summary:**
Improved configuration documentation, clearly separating required and optional parameters for easier setup and troubleshooting.
- Added a dedicated configuration section listing required (authCode, pushServiceUrl) and optional fields.
- Clarified configuration priority and setup methods for both global and local config.
- Made explicit that the skill cannot function without mandatory configuration and will report errors if they are missing.
- Streamlined and focused configuration instructions at the top for better usability.
- No functional code or interface changes; documentation only.
v1.0.5
No code or documentation changes in this version.
- Version 1.0.5 released with no file or content modifications detected.
v1.0.4
- 技能名称由“push-task-to-negative-screen”更改为“today-task”
- 英文标题由“Push Task to Negative Screen”更改为“Today Task”
- 其他内容和功能保持不变
v1.0.2
push-task-to-negative-screen v1.0.2
- 配置系统说明优化,明确auth_code和pushServiceUrl的优先加载逻辑与配置优先级。
- 增加配置加载顺序和本地 config.json 示例,便于用户理解与操作。
- 配置优先级说明更清晰:全局配置优先,本地配置为备选,其余项沿用本地配置。
- 其余内容未变,无功能更新。
v1.0.1
- 引入 SECURITY.md 文件,说明技能已通过安全审查,增加安全合规说明
- 新增 requirements.txt,规范依赖管理
- 更改配置系统,auth_code 和推送 URL 支持通过 OpenClaw 全局配置管理,其他参数由本地 config.json 管理
- 优化配置命令说明,命令将从 npx claw 切换为 openclaw,兼容更多环境
- 移除 push_records 文件夹中的历史推送记录,优化存储方式
- 文档内容简化与规范化,增强安全和配置灵活性
v1.0.0
push-task-to-negative-screen v1.0.0 - Initial Release
- Introduces a universal task result pusher for sending task completion results to the "negative screen" using a unified, standard data format.
- Supports push triggers via commands like "任务完成,推送到负一屏" and similar phrases.
- Standardizes message format, content styling (Markdown), and comprehensive error handling with user-friendly solution guides.
- Integrates easily with other skills and provides both API and CLI usage examples.
- Features configuration via OpenClaw commands, including automatic detection and update of authorization codes from user input.
- Detailed workflow, error codes, input/output schemas, and example scripts included in documentation.
元数据
常见问题
push-task-to-negative-screen 是什么?
通用任务结果推送器,当任务完成后将结果推送到负一屏。使用统一的标准数据格式,支持各种类型的任务结果推送。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 262 次。
如何安装 push-task-to-negative-screen?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install push-task-to-negative-screen」即可一键安装,无需额外配置。
push-task-to-negative-screen 是免费的吗?
是的,push-task-to-negative-screen 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
push-task-to-negative-screen 支持哪些平台?
push-task-to-negative-screen 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 push-task-to-negative-screen?
由 Minus One Screen(@ganhaiyang3)开发并维护,当前版本 v1.0.21。
推荐 Skills