← 返回 Skills 市场
119
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install qique-yimei
功能描述
Use this skill when an agent needs to answer or plan operations for QiQue business requests in pure text protocol mode (no local executable dependency). Trig...
安全使用建议
This skill appears to be a legitimate QiQue planner, but there are a few red flags you should consider before installing or using it:
- The skill expects you to provide and lets it persist sensitive credentials (app_id and app_secret). Only provide these if you trust the skill's source and you understand where the credentials will be stored and who can access them.
- The package includes a prefilled distribution_app_secret in config/qique.config.json. That is a sensitive secret embedded in the bundle; do not assume it belongs to you. Ask the publisher why it's included and consider removing or replacing it with empty placeholders before use.
- The registry metadata did not declare any required config paths, but SKILL.md requires reading/writing config/qique.config.json — this mismatch is sloppy and merits caution.
- The skill promises not to perform remote calls itself (router-only) and to require explicit user confirmation for write operations; still, verify that the agent/platform enforces 'do not auto-execute' and that any actual API calls (if/when performed) go to the expected QiQue endpoints (the method docs reference pre-e.qique.cn).
Actions you can take:
- Ask the skill publisher for provenance and whether the included distribution secret is intentional.
- If you must test, use throwaway QiQue credentials or a test account and remove embedded secrets from the config file.
- Confirm how and where the platform persists secrets (encryption, removal, access controls) and whether you can revoke stored credentials later.
If you can get answers to the above and confirm secure storage, the skill's behavior would be reasonable for its stated purpose; otherwise treat it as untrusted and avoid providing production credentials.
功能分析
Type: OpenClaw Skill
Name: qique-yimei
Version: 1.0.0
The skill bundle exhibits high-risk credential handling by explicitly instructing the AI agent to solicit and store sensitive user credentials (`app_id` and `app_secret`) in plaintext or agent memory (SKILL.md, agents/openai.yaml). Furthermore, config/qique.config.json contains a hardcoded distribution secret (d91f6adabcbe6aaadbfe41162e4777d1). While these are used for the QiQue API (pre-e.qique.cn), the combination of aggressive credential solicitation and hardcoded secrets in the bundle poses a significant security risk.
能力评估
Purpose & Capability
The skill claims to be a text-only QiQue operations helper (routing and plan generation). That purpose reasonably requires QiQue credentials and a method catalog (both present). However, the registry metadata declares no required config paths or credentials while the SKILL.md explicitly tells the agent to load and persist credentials from config/qique.config.json — a mismatch between declared requirements and what the skill actually expects.
Instruction Scope
SKILL.md directs the agent to read credentials from config/qique.config.json (or session memory), persist them between turns, and overwrite on updates. It also instructs strict output formatting and to never call the remote API (router-only), which is coherent. The primary concern is the explicit instruction to read and write local config state (persist secrets) — this expands the skill's scope beyond pure ephemeral planning and has privacy implications if storage is not secured or if the platform's persistence semantics are unclear.
Install Mechanism
Instruction-only skill with no install spec or downloaded code. This minimizes installation risk because nothing is written to disk by an installer. All behavior is defined in SKILL.md and bundled docs/config files.
Credentials
The skill requests four QiQue credential keys in its docs (app_id/app_secret/distribution_app_id/distribution_app_secret) and instructs persistence. Yet the registry shows no required env vars or required config paths. Additionally, the bundle includes config/qique.config.json with a prefilled distribution_app_secret value — a sensitive secret embedded in the skill package. Embedding someone else's distribution secret in the skill bundle is questionable and not justified by the metadata; users should not assume that value is benign or owned by them.
Persistence & Privilege
The skill asks the agent to persist user-provided app_id/app_secret between turns and to store/overwrite them in config/text session state. While 'always' is false (no force-installed privilege), persistent storage of credentials increases risk if the platform's storage is not encrypted, shared, or audited. The skill does not modify other skills, but you should confirm how and where credentials are stored and whether the agent can access them later.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install qique-yimei - 安装完成后,直接呼叫该 Skill 的名称或使用
/qique-yimei触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
提供企雀医美系统的顾客管理、预约、开单、划扣、报表等功能的AI助手
元数据
常见问题
企雀医美系统-AI助手 是什么?
Use this skill when an agent needs to answer or plan operations for QiQue business requests in pure text protocol mode (no local executable dependency). Trig... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 119 次。
如何安装 企雀医美系统-AI助手?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install qique-yimei」即可一键安装,无需额外配置。
企雀医美系统-AI助手 是免费的吗?
是的,企雀医美系统-AI助手 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
企雀医美系统-AI助手 支持哪些平台?
企雀医美系统-AI助手 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 企雀医美系统-AI助手?
由 Edmon(@edmon)开发并维护,当前版本 v1.0.0。
推荐 Skills