← 返回 Skills 市场

Tianji

Name: Tianji
Author: moonrailgun

作者 moonrailgun · GitHub ↗ · v1.0.1

cross-platform ⚠ suspicious

416

总下载

当前安装

版本数

在 OpenClaw 中安装

/install tianji

功能描述

Query website analytics, monitor uptime, survey results, telemetry data, feed events, application stats, and more from the Tianji platform via its read-only...

安全使用建议

This skill appears coherent for querying a Tianji instance. Before installing: (1) provide a least-privilege, read-only API key (not a management/master key); (2) verify the TIANJI_BASE_URL is a host you trust; (3) confirm you are comfortable granting network access to that host; (4) test with a workspace that contains no sensitive production data until you confirm redaction/handling meets your expectations — SKILL.md instructs the agent to redact certain fields, but that depends on the agent honoring the instructions. If you need absolute assurance, review responses from sensitive endpoints (aiGateway, audit logs, workspace members, billing) while using a low-privilege account.

功能分析

Type: OpenClaw Skill Name: tianji Version: 1.0.1 The skill includes robust redaction mechanisms in its build script (`scripts/filter-openapi.cjs`) and explicit instructions in `SKILL.md` to prevent the display of sensitive fields like API keys and secrets. However, `SKILL.md` contains a prompt injection vulnerability by instructing the agent to bypass redaction for 'workspace members or audit logs' if the user 'explicitly requests full detail'. The `references/openapi-readonly.json` confirms that the `/workspace/{workspaceId}/members` endpoint can return PII such as user email addresses, which an attacker could exfiltrate by exploiting this instruction.

能力评估

✓ Purpose & Capability

Name/description (Tianji analytics) match the declared config and permissions. skill.yaml and clawhub.json both require TIANJI_BASE_URL, TIANJI_API_KEY, and TIANJI_WORKSPACE_ID and declare the skill as read-only GET endpoints. No unrelated environment variables, binaries, or platform credentials are requested.

✓ Instruction Scope

SKILL.md instructs the agent to choose GET endpoints from the provided api-endpoints.md/openapi-readonly.json, construct GET requests under {TIANJI_BASE_URL}/open with Bearer auth, parse JSON responses, and summarize results. It explicitly forbids displaying sensitive fields (modelApiKey, apiKey, secret, token, password, credential) and calls out PII in some endpoints. The instructions do not ask the agent to read unrelated system files or other credentials.

✓ Install Mechanism

No install spec is provided (instruction-only). The repository includes a small build script and a Node script used to filter a full OpenAPI spec into a GET-only reference; these are documentation-generation utilities and are not an installer or remote download. No external archives or network installs are requested by the skill bundle.

✓ Credentials

The three required config values (base URL, API key, workspace ID) are proportional to a read-only REST API client. The manifest marks the API key as the primary credential/secret. No unrelated secrets or config paths are requested.

✓ Persistence & Privilege

The skill is not forced-always (always:false), is user-invocable, and does not request modifications to other skills or global agent state. It only requires network permission consistent with fetching remote API endpoints.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install tianji
安装完成后，直接呼叫该 Skill 的名称或使用 /tianji 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.1

- Added a new section on Sensitive Data Handling, detailing rules for redacting or omitting fields containing secrets or personal information from API responses. - Clarified that sensitive fields such as API keys, tokens, passwords, and PII should never be shown to users. - Updated workflow guidance for summarizing workspace members and audit logs to emphasize non-sensitive data by default.

v1.0.0

Initial release of the Tianji monitoring and analytics skill. - Query read-only data from the Tianji platform using its OpenAPI (69 GET endpoints across 14 service domains). - Supports analytics for website traffic, uptime monitoring, survey results, telemetry events, feed channels, billing, and more. - Requires configuration for the Tianji base URL, API key, and workspace ID. - Includes guidance for making requests and handling common usage scenarios (e.g., traffic, health checks, survey analysis). - All endpoints use GET, require authentication, and return JSON data.

元数据

Slug tianji

版本 1.0.1

许可证 —

累计安装 1

当前安装数 1

历史版本数 2

常见问题

Tianji 是什么？

Query website analytics, monitor uptime, survey results, telemetry data, feed events, application stats, and more from the Tianji platform via its read-only... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 416 次。

如何安装 Tianji？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install tianji」即可一键安装，无需额外配置。

Tianji 是免费的吗？

是的，Tianji 完全免费（开源免费），可自由下载、安装和使用。

Tianji 支持哪些平台？

Tianji 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Tianji？

由 moonrailgun（@moonrailgun）开发并维护，当前版本 v1.0.1。