← 返回 Skills 市场
358
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install synergy-salon
功能描述
Manage Synergy salon — appointments, clients, social media, promotions, and website. Notion-powered scheduling and CRM.
安全使用建议
Before installing, confirm where and how the skill will obtain credentials: Notion and Netlify both require API tokens and git pushes require credentials (SSH key or token). The registry metadata lists no required env vars — ask the skill author or inspect the source to see how auth is handled. Verify the skill's file access is restricted to only ~/synergy-website (or set a narrower path) and that deploys require explicit approval. Review the referenced GitHub repository (homepage) and the SKILL.md there to ensure there are no hidden steps. If you proceed, supply least-privilege tokens (scoped Netlify token, Notion integration limited to necessary DBs, a deploy key with only repo write access) and test in a staging site/repo first. If you cannot verify where secrets are stored or how deploys are authorized, do not install.
功能分析
Type: OpenClaw Skill
Name: synergy-salon
Version: 1.0.0
The skill is classified as suspicious due to high-risk capabilities that could be exploited as vulnerabilities, even without explicit malicious intent within the skill's instructions. Specifically, the `salon site update [page] [content]` command, combined with `fileAccess: [~/synergy-website]` and `commands: [git, npm, netlify]` in `SKILL.md`, allows arbitrary content modification within the website directory and subsequent deployment. This presents a significant prompt-injection vulnerability against the agent, potentially leading to website defacement or remote code execution if a malicious user provides harmful content. Additionally, the skill accesses sensitive client PII (phone, email) via `salon remind` and `salon clients` commands, increasing the risk of data exposure if the agent is compromised.
能力评估
Purpose & Capability
The stated purpose (manage appointments, clients, promos, and the website via Notion and site deployment) aligns with the actions described in SKILL.md: accessing Notion databases, editing files in ~/synergy-website, running git/npm/netlify, and calling api.notion.com and api.netlify.com. However, the registry metadata lists no required environment variables or primary credential even though Notion and Netlify APIs and git pushes normally require credentials — this mismatch is unexplained.
Instruction Scope
Instructions are scoped to salon operations and website repo edits: read/write specific Notion databases, mark ReminderSent, create promo drafts, edit files under ~/synergy-website, commit changes, and optionally deploy. The instructions do not ask for other system data, but they do grant file access to a home-directory path and command execution rights (git, npm, netlify) which allow modifying and pushing site code — this is within the feature set but broad in consequence and should be limited to the actual website directory and to explicit deploy approval (the skill notes deploy requires approval).
Install Mechanism
There is no install spec and no code files — the skill is instruction-only, so nothing is written to disk by an installer. This minimizes installation risk.
Credentials
The skill will need API credentials (Notion API key/token, Netlify auth token, and git push credentials or SSH key) to function, but the registry shows no required environment variables or primary credential. That omission is disproportionate and suspicious because it hides where secrets must be provided/stored and how the agent will access them. Expect to need variables like NOTION_TOKEN/NOTION_API_KEY, NETLIFY_AUTH_TOKEN (or equivalent), and git credentials (SSH key or GITHUB_TOKEN); their absence from metadata is a red flag.
Persistence & Privilege
The skill is not always-enabled (always:false) and is user-invocable. It requests file and network permissions in SKILL.md which allow it to modify and deploy website code when invoked; autonomous invocation is allowed by default for skills, but there's no evidence this skill attempts to gain permanent elevated privileges or to change other skills' configs. Because it can commit and (with approval) deploy code, users should limit its file access to the intended website directory.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install synergy-salon - 安装完成后,直接呼叫该 Skill 的名称或使用
/synergy-salon触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of Synergy Salon skill:
- Manage appointments, clients (CRM), social media, promotions, and website from one interface.
- Notion-powered: integrates with databases for scheduling, client records, promos, and revenue tracking.
- Website content management and deployment tools included.
- Supports file access, git, npm, and Netlify for seamless operations and web updates.
元数据
常见问题
Synergy Salon 是什么?
Manage Synergy salon — appointments, clients, social media, promotions, and website. Notion-powered scheduling and CRM. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 358 次。
如何安装 Synergy Salon?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install synergy-salon」即可一键安装,无需额外配置。
Synergy Salon 是免费的吗?
是的,Synergy Salon 完全免费(开源免费),可自由下载、安装和使用。
Synergy Salon 支持哪些平台?
Synergy Salon 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Synergy Salon?
由 Martin(@martc03)开发并维护,当前版本 v1.0.0。
推荐 Skills