← 返回 Skills 市场
114
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install qique-ai
功能描述
Use this skill when an agent needs to answer or plan operations for QiQue business requests in pure text protocol mode (no local executable dependency). Trig...
安全使用建议
This skill appears to be an instruction-only QiQue API helper, but it asks the agent to load and persist API credentials from config/qique.config.json and to prompt you for app_id/app_secret. The package also contains a cleartext distribution_app_secret. Before installing or using this skill:
- Do not paste your production app_secret into the agent until you confirm where/how the credentials will be stored (encrypted storage, retention policy, who can access them).
- Prefer creating a limited-scope or temporary/test QiQue API key for use with this skill, and rotate/revoke it after testing.
- Ask the skill author (or registry) to declare required config paths/credentials explicitly in the metadata and to remove embedded secrets from the package.
- Confirm that your platform's agent storage will not expose persisted secrets to other skills or logs.
- If you cannot verify secure storage and the trustworthiness of the skill source, do not provide real credentials; use test credentials only.
Given the metadata/instruction mismatch and embedded secret, treat this skill as potentially risky until the above clarifications are provided.
功能分析
Type: OpenClaw Skill
Name: qique-ai
Version: 1.0.0
The skill bundle implements a text-based protocol for the QiQue (企雀) medical beauty system that explicitly instructs the AI agent to solicit, persist, and reuse sensitive user API credentials (app_id and app_secret) via natural language prompts. While these are functional requirements for the API integration, the prompt-driven collection and storage of secrets in the agent's memory or configuration files represent a high-risk pattern for credential harvesting. Additionally, the bundle contains hardcoded distribution credentials (distribution_app_id: 'longxiaqique') and a specific MD5-based signature logic in references/methods.md, which targets the endpoint https://pre-e.qique.cn/index.php?r=data/api/.
能力评估
Purpose & Capability
The skill's name/description match QiQue API helper behavior, but the declared registry metadata lists no required config paths or credentials while the SKILL.md explicitly requires loading/saving credentials from config/qique.config.json. That mismatch (declared requirements: none vs runtime: requires config keys app_id/app_secret/distribution_*) is incoherent. The repo also contains a populated distribution_app_secret in config/qique.config.json, which implies the skill embeds an operational secret rather than relying solely on user-provided credentials.
Instruction Scope
The SKILL.md instructs the agent to (a) load credentials from config/qique.config.json or session state, (b) persist credentials between turns (store/overwrite them), and (c) request app_id/app_secret from the user when missing. These instructions cause the agent to read and store secrets and do not specify secure storage boundaries or limits on retention. The skill does not instruct the agent to send credentials to any unexpected remote endpoint, but the instruction to persist secrets in agent memory/config is broad and under-specified.
Install Mechanism
No install spec and no code files to execute — the skill is instruction-only. This minimizes installation risk because nothing is downloaded or executed at install time.
Credentials
No environment variables or config paths were declared in the registry metadata, but the instructions require reading config/qique.config.json and retaining app_id/app_secret and distribution_* values. The repository includes a cleartext distribution_app_secret value — embedding a secret in the skill package is unnecessary for a third-party consumer and increases risk. Asking users to input their app_id/app_secret and then persist them in agent state is disproportionate unless the user understands where and how those secrets will be stored and protected.
Persistence & Privilege
The skill requires keeping credentials persistent between turns and overwriting them when the user provides new values. While always:false (normal), the explicit instruction to persist secrets and reuse them across sessions grants the skill effective long-term access to user credentials unless the platform enforces secure storage and access controls. The SKILL.md gives no constraints on retention, encryption, or scope of reuse.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install qique-ai - 安装完成后,直接呼叫该 Skill 的名称或使用
/qique-ai触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
企雀系统AI助手,支持通过聊天互动来实现查询、编辑等多项操作。
元数据
常见问题
企雀AI助手 是什么?
Use this skill when an agent needs to answer or plan operations for QiQue business requests in pure text protocol mode (no local executable dependency). Trig... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 114 次。
如何安装 企雀AI助手?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install qique-ai」即可一键安装,无需额外配置。
企雀AI助手 是免费的吗?
是的,企雀AI助手 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
企雀AI助手 支持哪些平台?
企雀AI助手 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 企雀AI助手?
由 Edmon(@edmon)开发并维护,当前版本 v1.0.0。
推荐 Skills