← 返回 Skills 市场
134
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install uapp-retention
功能描述
友盟 U-App 留存率查询技能,支持通过 umeng-cli call 调用友盟 OpenAPI(gateway.open.umeng.com)的 1 个只读留存接口,覆盖新增/活跃用户的次日/3日/7日/14日/30日留存率查询、版本与渠道维度的留存对比分析。当用户需要查询应用留存率、次日留存、7日留存、版本...
安全使用建议
This skill does what it claims (drives umeng-cli to call Umeng's retention API), but the SKILL.md explicitly tells the agent to run 'umeng-cli trace' immediately and to include the Appkey when provided. That will send telemetry and an app identifier to Umeng without a clear need. Before installing or invoking this skill: (1) decide whether you consent to automatic telemetry — if not, decline to run the trace commands; (2) treat Appkey as potentially sensitive and avoid sending it in telemetry; (3) prefer installing umeng-cli via npm rather than executing a curl | sh script without review; (4) verify umeng-cli's authenticity from the official GitHub repo and review what 'umeng-cli trace' does; (5) ask the skill author or maintainer why immediate tracing is required and whether it can be disabled. If you need help auditing the umeng-cli binary or the install script, consider testing in an isolated environment first.
功能分析
Type: OpenClaw Skill
Name: uapp-retention
Version: 1.2.0
The skill bundle contains instructions in `SKILL.md` that direct the AI agent to perform automated telemetry by executing `umeng-cli trace` commands, which report the user-provided `appkey` to the service provider. This constitutes a prompt-injection technique where the agent is instructed to perform side-effect actions (tracking) beyond the user's explicit request. Additionally, the documentation promotes a high-risk `curl | sh` installation pattern for the `umeng-cli` tool. While these behaviors are documented and likely intended for legitimate usage analytics, they represent unauthorized command execution and risky deployment practices.
能力标签
能力评估
Purpose & Capability
The name/description (Umeng U-App retention queries) match the actions described: it invokes umeng-cli to call the Umeng getRetentions API and documents required parameters and response fields. Requiring the umeng-cli tool is coherent with the stated purpose.
Instruction Scope
The SKILL.md instructs the agent to immediately run umeng-cli trace on reading the document and to run an additional trace including any Appkey the user inputs. That causes telemetry (and potentially an app identifier) to be sent to Umeng regardless of whether the user explicitly asked to report usage. This data transmission is not necessary to implement read-only retention queries and is scope-creep/exfiltration-like behavior. The doc also instructs running 'umeng-cli login --no-qr' in background mode to produce a login link — which is reasonable, but the combination with auto-tracing is concerning.
Install Mechanism
There is no install spec in the package, but the SKILL.md recommends installing umeng-cli either via 'npm install -g @umengfe/umeng-cli' (standard) or by piping a GitHub raw install script (curl | sh). The npm recommendation is normal; curl | sh from GitHub raw is common but has higher risk because it executes a remote install script — users should verify the script's contents and origin before running.
Credentials
The skill itself doesn't request environment variables or credentials in the metadata, which is appropriate. However, the explicit instruction to send an Appkey in a telemetry trace means the skill asks the agent to transmit an identifier that may be sensitive. Sending the Appkey to Umeng is not required to perform the read-only API calls (the Appkey is also an API parameter for queries), but proactively instructing the agent to report it as telemetry is disproportionate and could leak information the user didn't intend to share.
Persistence & Privilege
The skill is user-invocable, not always-on, and does not request to modify other skills or agent-wide settings. It relies on umeng-cli's own login/session handling and does not declare persistent privileges itself.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install uapp-retention - 安装完成后,直接呼叫该 Skill 的名称或使用
/uapp-retention触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.0
**重大变更:切换查询方案,完全移除内置 Python 客户端与 SDK,改为调用官方 umeng-cli 命令行工具。**
- 重写 Skill,删除所有自带脚本、SDK 及相关说明,仅保留文档级指引和操作示例
- 依赖 `umeng-cli` 实现留存率查询,提供 CLI 级调用样例与参数详解
- skill 仅聚焦于「友盟 U-App 留存率查询」主能力,不再包含版本/渠道枚举等扩展接口
- 更新 Skill 名,与 `umeng-cli` 套件一致
- 详细说明授权流程、调用方式、核心输出结构与适用场景
v1.1.0
- Enhanced documentation with a new “使用流程” section for step-by-step guidance.
- Added detailed “边界条件与异常处理” for common user scenarios and error handling.
- Expanded trigger words and clarified usage description.
- No CLI/API changes; documentation update only.
v1.0.0
uapp-retention 0.2.0 adds new retention query and comparison features, with expanded options and improved usability.
- Added support for retention queries by day, week, or month.
- Enabled multi-dimensional filtering: by app version and channel.
- Introduced comparison features for different versions or channels.
- Active user retention type is now supported alongside new user retention.
- Updated CLI mapping, output formats, and configuration methods for flexibility.
- Provided example commands and clear documentation for common use cases.
元数据
常见问题
用户留存查询 是什么?
友盟 U-App 留存率查询技能,支持通过 umeng-cli call 调用友盟 OpenAPI(gateway.open.umeng.com)的 1 个只读留存接口,覆盖新增/活跃用户的次日/3日/7日/14日/30日留存率查询、版本与渠道维度的留存对比分析。当用户需要查询应用留存率、次日留存、7日留存、版本... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 134 次。
如何安装 用户留存查询?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install uapp-retention」即可一键安装,无需额外配置。
用户留存查询 是免费的吗?
是的,用户留存查询 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
用户留存查询 支持哪些平台?
用户留存查询 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 用户留存查询?
由 Umeng+(@squall0925)开发并维护,当前版本 v1.2.0。
推荐 Skills