← 返回 Skills 市场

17track package tracking

Name: 17track package tracking
Author: tristanmanchester

作者 Tristan Manchester · GitHub ↗ · v0.1.0

cross-platform ✓ 安全检测通过

2152

总下载

当前安装

版本数

在 OpenClaw 中安装

/install track17

功能描述

Track parcels via the 17TRACK API (local SQLite DB, polling + optional webhook ingestion)

安全使用建议

This skill is coherent with its purpose, but review and small precautions before enabling are recommended: - Confirm TRACK17_TOKEN is a token you intend to give to this skill and use a token with minimal scope if possible. - Be aware the script writes a SQLite DB and raw webhook payloads under <workspace>/packages/track17/ (or TRACK17_DATA_DIR if set). If you prefer a specific location, set TRACK17_DATA_DIR or TRACK17_WORKSPACE_DIR before first use. - If you enable webhooks: prefer to run the webhook-server bound to localhost behind a reverse proxy or use a tunnelling service (as the README suggests). Do not run the webhook-server publicly without configuring TRACK17_WEBHOOK_SECRET and verifying signatures. - Inspect scripts/track17.py yourself (it’s included) before enabling; because it is executed locally, review ensures it matches your risk tolerance. - Run in a restricted environment or sandbox if you want to limit where files can be written. If you don’t need push webhooks, use the polling (sync) workflow to minimize exposed surface. If you want extra assurance, ask for a short summary of the script's network endpoints and file paths and a confirmation that it will not contact any hosts other than 17track/res.17track.net.

功能分析

Type: OpenClaw Skill Name: track17 Version: 0.1.0 The OpenClaw AgentSkills skill bundle for 'track17' is benign. The `SKILL.md` provides clear instructions for the agent, including an explicit directive to 'Never echo `TRACK17_TOKEN` or `TRACK17_WEBHOOK_SECRET`', which is a strong positive security indicator against prompt injection for credential exfiltration. The `scripts/track17.py` script uses only the Python standard library, accesses only legitimate 17TRACK API endpoints, and confines all local data storage (SQLite DB, webhook inbox, cache) to the expected skill data directory within the workspace. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or suspicious supply chain practices.

能力评估

✓ Purpose & Capability

Name/description, required env vars, and included code align: the tool talks to 17TRACK APIs, stores data in a workspace-local SQLite DB, and optionally ingests webhooks. No unrelated credentials, binaries, or installs are requested.

ℹ Instruction Scope

SKILL.md and the CLI instruct the agent to initialise a local DB, register tracking numbers, poll (sync) and optionally run or ingest webhooks. The skill auto-detects a workspace by walking the script's parent directories (or using TRACK17_WORKSPACE_DIR/CLAWDBOT_WORKSPACE_DIR) and will read/write under <workspace>/packages/track17/. This file I/O and optional webhook-server behavior is within the stated scope but worth noting: running the server or processing inbox files gives the skill permission to accept and store external payloads and to write into the workspace directory.

✓ Install Mechanism

There is no install spec and the included Python script uses only the standard library (no external downloads or package installs). That minimizes install-time risk; the code is included with the skill rather than fetched from an arbitrary URL.

✓ Credentials

Only TRACK17_TOKEN is required (primaryEnv). Optional envs (TRACK17_WEBHOOK_SECRET, TRACK17_DATA_DIR, TRACK17_WORKSPACE_DIR, TRACK17_LANG) are plausible and relevant. No unrelated secrets or large sets of credentials are requested.

✓ Persistence & Privilege

The skill is not marked always:true, does not request to modify other skills, and writes only to its own workspace-local data dir by default. It can be invoked autonomously (platform default), which is expected for skills, but that is not combined with elevated platform privileges.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install track17
安装完成后，直接呼叫该 Skill 的名称或使用 /track17 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.0

Initial release of track17: parcel tracking via 17TRACK API with local database. - Track packages and their status via the 17TRACK API. - Stores all package data locally in a SQLite database within the workspace. - Supports both periodic polling (sync) and optional webhook ingestion for updates. - CLI for adding, listing, syncing, and managing parcels. - Optional webhook server and ingestion utilities included. - API credentials required via environment variables; flexible data directory configuration.

元数据

Slug track17

版本 0.1.0

许可证 —

累计安装 7

当前安装数 7

历史版本数 1

常见问题

17track package tracking 是什么？

Track parcels via the 17TRACK API (local SQLite DB, polling + optional webhook ingestion). 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 2152 次。

如何安装 17track package tracking？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install track17」即可一键安装，无需额外配置。

17track package tracking 是免费的吗？

是的，17track package tracking 完全免费（开源免费），可自由下载、安装和使用。

17track package tracking 支持哪些平台？

17track package tracking 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 17track package tracking？

由 Tristan Manchester（@tristanmanchester）开发并维护，当前版本 v0.1.0。