← 返回 Skills 市场
squall0925

崩溃与性能数据查询

作者 Umeng+ · GitHub ↗ · v1.2.0 · MIT-0
cross-platform ⚠ suspicious
141
总下载
0
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install uapp-apm
功能描述
友盟应用性能监控(U-APM)数据查询技能,支持通过 umeng-cli call 调用友盟 APM OpenAPI(apm.openapi.umeng.com)的 8 个只读查询接口,涵盖今日/历史稳定性、启动性能、网络性能、原生页面、H5 页面、分钟级网络与稳定性数据。当用户需要查询应用崩溃率、启动耗时、网络...
安全使用建议
This skill appears to be a legitimate wrapper for Umeng APM queries, but it asks the agent to run automatic telemetry and to send any Appkey you input via 'umeng-cli trace'. Before installing or using it: (1) decide whether you want the agent to automatically send usage data and any Appkey you supply — disable or remove the 'umeng-cli trace' steps if you don't; (2) prefer installing the CLI via a package manager (npm) rather than piping a remote install script into sh, and inspect the install script before running it; (3) confirm that sending your appKey to Umeng for 'trace' is acceptable to you and your organization (it may be sensitive); (4) verify the umeng-cli source/repository and privacy policy; and (5) be aware the SKILL.md requests the agent to post a login link and run login in background — that flow is normal but ensure credentials are handled by umeng-cli rather than being copied into chat. If you want, ask the skill author to remove automatic 'trace' calls or to make telemetry opt-in and to document exactly what 'trace' sends.
功能分析
Type: OpenClaw Skill Name: uapp-apm Version: 1.2.0 The skill instructions (SKILL.md) contain prompt injections directing the AI agent to perform automated telemetry/tracking by executing 'umeng-cli trace' commands, including reporting the user's 'appkey' (dataSourceId) to the CLI tool without explicit user consent. Additionally, the documentation promotes a high-risk installation method via 'curl | sh' (pointing to raw.githubusercontent.com/umeng/umeng-cli), which is a common vector for supply chain attacks. While these behaviors are likely intended for legitimate vendor usage analytics, the automated exfiltration of identifiers and the use of unverified remote scripts meet the threshold for suspicious activity.
能力标签
requires-sensitive-credentials
能力评估
Purpose & Capability
The Skill's name and main functionality (calling Umeng APM read-only endpoints via umeng-cli) are coherent. However the SKILL.md additionally requires running umeng-cli trace calls to report usage and to send the Appkey when provided. Telemetry/telemetry-with-Appkey is not necessary to perform read-only queries and thus is disproportionate to the stated purpose. Minor metadata inconsistency: the registry summary presented here lists no required binaries, but SKILL.md metadata and text require 'umeng-cli'.
Instruction Scope
The SKILL.md explicitly instructs the AI Agent to execute 'umeng-cli trace' immediately after reading the document and again when an Appkey (dataSourceId) is entered. That causes automatic outbound telemetry and may transmit sensitive identifiers (appKey). This is scope creep: the skill should not unilaterally send usage or user-supplied keys as part of a read-only query helper. Other instructions (login flow guidance, use of umeng-cli call) are appropriate for the stated purpose.
Install Mechanism
The skill is instruction-only (no install spec in registry), but SKILL.md recommends installation via 'npm install -g @umengfe/umeng-cli' (reasonable) or via piping a script from raw.githubusercontent.com ('curl ... | sh'). While raw.githubusercontent.com is a common host, 'curl | sh' is high-risk practice because it executes remote code automatically; recommend preferring npm or inspecting the script before running. The install recommendation is not strictly required to be embedded in runtime instructions and raises install-time risk.
Credentials
The skill declares no required environment variables or credentials, and relies on umeng-cli to handle AK/SK via interactive login (reasonable). However the instructions require sending the Appkey back to Umeng via the trace command whenever a user provides it; that asks the agent to transmit a user-supplied identifier externally without a clear need. This is disproportionate to mere read-only querying and raises privacy/exfiltration concerns.
Persistence & Privilege
The skill does not request always:true, does not declare config paths or persistent privileges, and is user-invocable only. There is no evidence it modifies other skills or requests system-wide persistence.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install uapp-apm
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /uapp-apm 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.0
uapp-apm 1.2.0 - No code or documentation changes detected in this version. - The SKILL.md content remains unchanged from the previous version. - No new features, bug fixes, or interface updates included in this release.
v1.1.1
**umeng-cli-uapm v1.1.1 Changelog** - Migrated skill from previous Python script implementation to use the official `umeng-cli` command-line tool for all U-APM data queries. - All logic, usage, and examples now reference `umeng-cli call` commands instead of Python scripts. - Python script `scripts/apm.py` and related content were removed. - Skill now documents 8 distinct U-APM read-only interfaces, corresponding parameters, and updated best practices (including CLI-based tracing, auth, and appKey operations). - Updated metadata to declare `umeng-cli` as a runtime requirement and provide installation instructions. - Adds specific usage notes for login handling and tracking appKey-based events.
v1.1.0
Version 1.1.0 introduces usability improvements, boundaries, and clarification for typical scenarios. - Added显式触发词、使用流程说明,以及“Step”操作建议,优化人机交互体验 - 明确常见异常边界与应对(如App未指定、ANR仅限Android、时间限制等) - 加入“description”字段并精简summary,强化Skill目标定位 - 重构文档结构,更易查阅典型问法、参数映射、边界与异常说明 - 保持全部CLI示例及查询类型表不变,补充操作指引和异常反馈文案
v1.0.0
Initial release of uapp-apm skill for querying Umeng APM crash and performance data. - Supports querying stability (crash/ANR), startup performance, network, and page performance statistics. - Provides CLI parameter mapping for common queries, including minute-level real-time queries. - Configuration supports file and environment variable priority. - JSON structured output available via `--json` parameter. - Automatic handling and documentation for dependency installation and Tea module conflicts.
元数据
Slug uapp-apm
版本 1.2.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 4
常见问题

崩溃与性能数据查询 是什么?

友盟应用性能监控(U-APM)数据查询技能,支持通过 umeng-cli call 调用友盟 APM OpenAPI(apm.openapi.umeng.com)的 8 个只读查询接口,涵盖今日/历史稳定性、启动性能、网络性能、原生页面、H5 页面、分钟级网络与稳定性数据。当用户需要查询应用崩溃率、启动耗时、网络... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 141 次。

如何安装 崩溃与性能数据查询?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install uapp-apm」即可一键安装,无需额外配置。

崩溃与性能数据查询 是免费的吗?

是的,崩溃与性能数据查询 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

崩溃与性能数据查询 支持哪些平台?

崩溃与性能数据查询 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 崩溃与性能数据查询?

由 Umeng+(@squall0925)开发并维护,当前版本 v1.2.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论