awamwang

quicker-connector

Author: awamwang · GitHub ↗ · v1.2.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 84
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install quicker-connector
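Description
Integrates with the Quicker automation tool to read, search, and execute Quicker action lists. Supports two data sources, CSV and database, intelligently matches user requests, and invokes the local QuickerStarter to execute them.
Security usage recommendations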
This package appears to be what it claims: a local Quicker integration that reads a CSV/SQLite export and calls QuickerStarter.exe. Before installing:
  1. Confirm you run this on Windows with Quicker and QuickerStarter.exe present (or set starter_path to the correct executable).
  2. Inspect scripts/quicker_connector.py (and any runner code) to confirm subprocess calls are limited to QuickerStarter.exe and that parameters are validated/sanitized.
  3. Install the chardet library if you want robust encoding detection (encoding_detector.py imports chardet but the package metadata does not declare it).
  4. Be cautious with auto-execution: set auto_select_threshold high (e.g., 0.8–0.9) if you prefer confirmation before actions run.
  5. If you will deploy this in a shared or sensitive environment, restrict who can edit the skill's starter_path/config to avoid pointing the skill at arbitrary executables.
If you want, paste the critical parts of scripts/quicker_connector.py here and I can review the exact subprocess/IO behavior line-by-line.
Functional analysis
Type: OpenClaw Skill
Name: quicker-connector
Version: 1.2.0
The skill provides integration with the Quicker automation tool but exhibits several high-risk discrepancies and vulnerabilities. Most notably, scripts/quicker_connector.py contains a QuickerPushRunner class that performs network requests to an external API (push.getquicker.cn), directly contradicting the security claims in SKILL.md and skill.json that state 'no network access.' Furthermore, the execute_action function uses subprocess.Popen with shell=True on Windows, which, combined with the lack of input sanitization for action parameters, creates a significant risk for shell injection (RCE) if the AI agent is manipulated by a user. While these may be unintentional design flaws or undocumented features, the combination of misleading security documentation and critical execution vulnerabilities warrants a suspicious classification.
Capability assessment
Purpose & Capability
The name/description say it integrates with Quicker, and the repository supplies CSV/SQLite readers and a runner that invokes QuickerStarter.exe. File-system and subprocess permissions declared in manifests align with reading CSV/DB and launching a local QuickerStarter executable. Defaults for csv/db/starter paths match expected Quicker locations.
Instruction Scope
SKILL.md and SKILL_OPTIMIZED.md restrict file I/O to config and user-specified paths and claim no network access; runtime instructions focus on reading CSV/DB, matching actions, and invoking QuickerStarter. However, documentation and README include installation/publishing instructions that show downloading releases (GitHub/ClawHub) for setup—those are developer/install-time actions, not runtime behavior. Also verify that the code actually limits subprocess calls to QuickerStarter.exe and sanitizes parameters as claimed (the manifest says it does; user should inspect scripts/quicker_connector.py to confirm).
Install Mechanism
There is no formal install spec in the registry (the skill is delivered as source files). That is lower risk than arbitrary remote install scripts, but README contains example wget/git/ClawHub install commands which would fetch code from GitHub/ClawHub if followed. One minor inconsistency: encoding_detector.py imports chardet but package metadata declares no runtime dependencies—ensure chardet is installed on the target system before running encoding detection.
Credentials
The skill requests no environment variables or external credentials. It needs read/write access to user-specified CSV/DB paths and to write its own config.json—this is proportionate to listing and executing Quicker actions. The default db_path/starter_path point at typical Quicker locations; reading the Quicker DB may expose local action metadata but that is the stated purpose.
Persistence & Privilege
The skill is not always-enabled and uses normal autonomous invocation. It declares subprocess permission limited to QuickerStarter.exe which is appropriate, but the configurable 'starter_path' setting means an operator with permission to edit the skill settings could point it at another executable; verify parameter validation and consider restricting the configured path if you want to limit misuse. The skill does not request to modify other skills or system-wide settings.
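How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the dialog box: /install quicker-connector
  3. Once installed, invoke the Skill by name or trigger it with /quicker-connector
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history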
v1.2.0
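- Added a database as a new data source, enabling dual-mode reading from CSV and SQLite.
- Improved intelligent matching: supports searching and filtering across multiple fields (name, description, type, category).
- Added automatic encoding detection to improve CSV compatibility.
- Expanded configuration options: paths, thresholds, maximum result count, and other settings can be adjusted flexibly.
- Comprehensively updated the documentation and security notes, strengthening user guidance and data security.
Metadata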
Slug quicker-connector
Version 1.2.0
License MIT-0
Total installs 1
Current installs 1
Number of versions 1
FAQ

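What is quicker-connector?

Integrates with the Quicker automation tool to read, search, and execute Quicker action lists. Supports two data sources, CSV and database, intelligently matches user requests, and invokes the local QuickerStarter to execute them. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 84 total downloads to date.

How do I install quicker-connector?

Run the command "/install quicker-connector" in the OpenClaw or Claude Code dialog box to install it in one step; no additional configuration is required.

Is quicker-connector free?

Yes, quicker-connector is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does quicker-connector support?

quicker-connector runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed quicker-connector?

Developed and maintained by awamwang (@awamwang); the current version is v1.2.0.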
