← 返回 Skills 市场
94
总下载
0
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install test-publish-dev1
功能描述
自动将商品从跨睿优质货盘铺货到Ozon电商平台。
安全使用建议
This skill appears to automate a web UI to publish products, but has several issues you should verify before installing or running it:
- Filename mismatch: SKILL.md references scripts/auto_distribute.py but the repo contains scripts/auto_distribution.py — fix or confirm the intended entrypoint.
- Runtime dependencies: the included Python script uses Playwright and requires a browser engine; ensure those are installed in a controlled environment and update SKILL.md to declare installation steps.
- Network target: the script connects to http://139.9.192.16:9089 (an IP) rather than an Ozon API — confirm that this endpoint is trustworthy and expected (it may be an internal control panel). Do not run against unknown network hosts from sensitive machines.
- Hardcoded credentials: the script contains username/password 'test'/'123456'. Confirm these are safe test credentials; if real credentials are needed, require them via environment variables or a secure secrets mechanism instead of embedding them.
- Inconsistent output messages: the script returns/saves screenshot.png but later prints a different filename (screenshot_form.png) — this indicates sloppy testing and you should run in an isolated environment first.
If you still want to use it: review and correct the entrypoint, remove or secure hardcoded credentials, document and install Playwright/browser dependencies, and run the skill in an isolated or staging environment while you confirm the target endpoint is legitimate.
功能分析
Type: OpenClaw Skill
Name: test-publish-dev1
Version: 1.1.0
The skill contains hardcoded credentials ('test'/'123456') and connects via unencrypted HTTP to a raw IP address (http://139.9.192.16:9089/) in scripts/auto_distribution.py. While these appear intended for a development or testing environment as indicated by the 'test-publish-dev1' slug, they are significant security vulnerabilities. Additionally, there is a minor filename discrepancy between the instructions in SKILL.md (auto_distribute.py) and the actual script provided (auto_distribution.py).
能力评估
Purpose & Capability
Name/description (auto-publish to Ozon) broadly aligns with the included Playwright automation script which operates a web UI and clicks a send button. However the SKILL.md says it will call scripts/auto_distribute.py while the repository contains scripts/auto_distribution.py (filename mismatch) which will cause runtime failure unless corrected. The skill claims to publish to Ozon but the script navigates to a raw IP (http://139.9.192.16:9089/) rather than an Ozon endpoint — this could be a control panel for the publisher service but is not explained in the metadata. The skill does not declare the obvious runtime dependency on Playwright and a browser, which is required for the script to run.
Instruction Scope
SKILL.md instructs the agent to parse parameters and invoke the script; that scope is narrow and appropriate. The script itself performs network access to a single IP:9089, logs in with hardcoded credentials (test / 123456), manipulates DOM elements and saves a screenshot. It does not read arbitrary files or environment variables, nor does it send data to third-party endpoints beyond the specified IP. Still, the use of hardcoded credentials and an unexplained IP address expands the operational scope beyond what's described and deserves review.
Install Mechanism
There is no install spec (instruction-only), which is lower risk. However the Python script requires Playwright and a browser engine at runtime; these dependencies are not declared in metadata or SKILL.md. That means the skill will likely fail unless the runtime environment already has these installed — users should be warned and the package should declare installation instructions.
Credentials
The skill declares no required environment variables or credentials, which matches the metadata. But the script contains hardcoded login credentials (username 'test' and password '123456') and targets a raw IP address. Hardcoded credentials are poor practice and may point to a test environment or misconfigured secret handling. The lack of declared credentials is inconsistent with the presence of embedded credentials in code.
Persistence & Privilege
The skill is not always-enabled, does not request persistent platform privileges, and does not modify other skills or global configs. Autonomous invocation is allowed (platform default) which is expected; this does not by itself increase the concern level given the other issues.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install test-publish-dev1 - 安装完成后,直接呼叫该 Skill 的名称或使用
/test-publish-dev1触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
效果联调
v1.0.5
效果联调
v1.0.3
效果联调
v1.0.2
效果联调
元数据
常见问题
test-publish-dev1 是什么?
自动将商品从跨睿优质货盘铺货到Ozon电商平台。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 94 次。
如何安装 test-publish-dev1?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install test-publish-dev1」即可一键安装,无需额外配置。
test-publish-dev1 是免费的吗?
是的,test-publish-dev1 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
test-publish-dev1 支持哪些平台?
test-publish-dev1 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 test-publish-dev1?
由 famechyu(@famechyu)开发并维护,当前版本 v1.1.0。
推荐 Skills