← 返回 Skills 市场
ianchenx

SubsTracker

作者 ianchenx · GitHub ↗ · v1.1.0
cross-platform ⚠ suspicious
283
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install substracker
功能描述
Manage SubsTracker subscriptions and configuration via CLI scripts. Handles login, subscription CRUD, config updates, notifications, and dashboard queries. U...
安全使用建议
This skill appears to be a legitimate CLI wrapper for a SubsTracker REST API, but exercise caution before enabling it: - The skill requires SUBSTRACKER_URL, SUBSTRACKER_USER, and SUBSTRACKER_PASS at runtime, but the registry metadata doesn’t declare those — confirm you are comfortable providing those credentials and that the registry omission is acceptable. - It will read .env files from the current working directory and from your home directory and will write a cookie file to ~/.substracker-skills/cookie. Ensure those locations don’t unintentionally contain other secrets and that storing a session cookie on disk is acceptable. - The tool will send credentials and can update sensitive config fields (admin password, webhook URLs, notification tokens). Only point it at a SubsTracker server you trust (check the SUBSTRACKER_URL). - The SKILL.md suggests invoking this skill on any user mention of subscriptions (a very broad trigger). If you want to avoid accidental use, restrict invocation or require explicit user confirmation before running commands that access credentials or change config. - Because the source/homepage are unknown, prefer to: (a) request the upstream repository or signed publisher info, (b) review the files yourself (they are included), or (c) run the scripts in an isolated environment/container before giving it real credentials. If you trust the SubsTracker instance and accept the local file writes, the code appears coherent with its stated purpose; otherwise, treat it as suspicious until metadata (required envs, source) and invocation behavior are clarified.
功能分析
Type: OpenClaw Skill Name: substracker Version: 1.1.0 The SubsTracker skill bundle is a legitimate CLI-based management tool for a SubsTracker instance, handling subscription CRUD, payment history, and system configuration. It manages sensitive data such as API tokens for notification services (Telegram, Bark, etc.) and administrative credentials, but this behavior is strictly aligned with its stated purpose. The code (scripts/client.ts, scripts/main.ts) uses standard environment variable loading and cookie-based authentication without evidence of data exfiltration, malicious execution, or prompt injection.
能力评估
Purpose & Capability
The scripts implement a CLI client for a SubsTracker REST API (login, subscription CRUD, payments, config, notifications, dashboard). That capability aligns with the skill name and description. However the registry metadata lists no required environment variables or primary credential while the skill actually requires SUBSTRACKER_URL, SUBSTRACKER_USER, and SUBSTRACKER_PASS — a clear metadata omission (incoherence between declared requirements and actual needs).
Instruction Scope
Runtime instructions and code auto-load credentials from environment or .substracker-skills/.env (cwd or home), perform automatic login, and write a cookie to ~/.substracker-skills/cookie. The SKILL.md also instructs the platform to invoke this skill whenever the user mentions subscriptions (very broad trigger). The code will send credentials to whatever SUBSTRACKER_URL is configured and can POST config updates including admin passwords, webhook URLs, and notification tokens. Reading/writing dotfiles and auto-logging in are expected for a CLI client but these actions access sensitive data and are broader than what the registry metadata advertises.
Install Mechanism
No install spec is provided (instruction-only). The code is included in the skill bundle and expects to be run with bun (or npx -y bun). There is no external download or archive extraction in the manifest, so installation risk is low from an installer perspective.
Credentials
The code requires SUBSTRACKER_URL, SUBSTRACKER_USER, and SUBSTRACKER_PASS to operate and will read those from system env or .env files; however the registry declares no required env vars or primary credential. The skill also accepts many configuration flags that map to secret fields (tokens, webhook URLs, email API keys, etc.). Requesting and sending these secrets is coherent with the purpose but the metadata omission and the number of secret-capable fields mean you should only provide credentials for a trusted SubsTracker instance.
Persistence & Privilege
The skill does not request 'always: true' and does not alter other skills. It will create and write a cookie file under ~/.substracker-skills and may create ~/.substracker-skills/.env if the user follows instructions; this is expected for a CLI client but constitutes persistent local state that contains session data and should be considered sensitive.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install substracker
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /substracker 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Complete parameter tables for all commands; partial update support (GET-merge-PUT)
v1.0.1
Move cookie storage to ~/.substracker-skills/cookie; show specific missing env vars
v1.0.0
subsTracker 1.0.0 – Initial release - Manage subscriptions, payments, and configurations via CLI scripts wrapping the SubsTracker API. - Supports subscription CRUD, manual renewals, payment history, notification tests, and dashboard queries. - Automatic authentication and session management with environment variable loading from system or `.env` files. - Provides detailed error handling and outputs results as structured JSON for easy integration. - Includes notification configuration and testing for platforms like Telegram, Bark, email, webhook, and Gotify.
元数据
Slug substracker
版本 1.1.0
许可证
累计安装 0
当前安装数 0
历史版本数 3
常见问题

SubsTracker 是什么?

Manage SubsTracker subscriptions and configuration via CLI scripts. Handles login, subscription CRUD, config updates, notifications, and dashboard queries. U... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 283 次。

如何安装 SubsTracker?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install substracker」即可一键安装,无需额外配置。

SubsTracker 是免费的吗?

是的,SubsTracker 完全免费(开源免费),可自由下载、安装和使用。

SubsTracker 支持哪些平台?

SubsTracker 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 SubsTracker?

由 ianchenx(@ianchenx)开发并维护,当前版本 v1.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论