← 返回 Skills 市场
180
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install uni-app-wechat-miniprogram-cicd
功能描述
uni-app 项目微信小程序全流程开发、构建与 CI/CD 发布。当用户提到:开发 uni-app 小程序、用 uni-app 开发微信小程序、uni-app 小程序 CI/CD 发布、小程序上传体验版、自动发布微信小程序、miniprogram-ci 配置、微信小程序自动化发布、GitHub Actions...
安全使用建议
This skill appears to implement a real uni‑app → WeChat CI/CD workflow, but the registry metadata fails to declare the runtime requirements (node/npm and the CI secrets). Before installing or enabling it:
- Treat WEAPP_PRIVATE_KEY and WEAPP_APPID as sensitive secrets. Do not put private keys into repo history; store them in CI secret storage.
- Confirm the skill's metadata is updated to declare required env vars and binaries (NODE/npm, WEAPP_APPID, WEAPP_PRIVATE_KEY or WEAPP_PRIVATE_KEY_PATH, VERSION). The current metadata omission is suspicious (may be an oversight, but it hides what the skill actually needs).
- Review scripts/build-uni.js and scripts/ci-publish.sh yourself: they write the private key from an env var to disk (keys/private.key by default). Ensure your CI runner is trusted, permissions are tightened (chmod), and artifacts containing keys are not retained or published.
- In CI (GitHub Actions/GitLab) ensure secrets are masked and the key-writing step cannot leak via logs. Avoid echoing secrets to logs.
- If you plan to run locally, run the scripts in an isolated environment and verify the private key path before execution.
If the author cannot or will not update the skill metadata to list required env vars and runtime dependencies, consider this a red flag and proceed only after manual code review and controlled testing.
功能分析
Type: OpenClaw Skill
Name: uni-app-wechat-miniprogram-cicd
Version: 1.0.0
The skill bundle provides a legitimate set of tools and documentation for automating the CI/CD pipeline of uni-app WeChat mini-programs using the official 'miniprogram-ci' library. The scripts (scripts/build-uni.js and scripts/ci-publish.sh) correctly handle sensitive credentials like the WeChat private key by reading them from environment variables and applying appropriate file permissions (chmod 400), which is standard practice for CI environments. No evidence of data exfiltration, malicious execution, or prompt injection was found.
能力评估
Purpose & Capability
The skill's name, description, SKILL.md and scripts all consistently implement uni-app building and miniprogram-ci based upload/publish; the requested capabilities (AppID, private key, CI integration) are appropriate for that purpose. However the registry metadata lists no required env vars or binaries even though the scripts and CI templates clearly require NODE/npm, WEAPP_APPID, WEAPP_PRIVATE_KEY (or WEAPP_PRIVATE_KEY_PATH), VERSION, etc. That metadata omission is an inconsistency.
Instruction Scope
SKILL.md and included scripts limit themselves to building the project, writing the private key to a local path, and invoking miniprogram-ci to upload/publish. They do not instruct reading unrelated system files or exfiltrating data to third‑party endpoints; uploading is done to WeChat via miniprogram-ci as expected. The scripts do write secret material (private key) to disk — which is necessary for miniprogram-ci but worth noting.
Install Mechanism
This is an instruction-only skill with two small helper scripts; there is no install spec that downloads arbitrary archives. The risk surface is limited to running the provided scripts. Runtime does require installing project dependencies (npm ci) and miniprogram-ci in CI, which the templates document.
Credentials
The code expects sensitive environment data (WEAPP_PRIVATE_KEY or WEAPP_PRIVATE_KEY_PATH and WEAPP_APPID, plus VERSION and optionally CI_MODE). Those are appropriate and necessary for the stated purpose, but the registry metadata declares no required env vars or primary credential and lists no required binaries. Also the scripts write the private key file from an env var into the repository/workspace; that is functionally necessary but increases exposure if CI runner or artifacts are not properly secured or secrets are misconfigured.
Persistence & Privilege
The skill is not marked always:true and does not request system‑wide or other-skill credentials. It writes files only into its workspace (keys/ path by default) and uses standard CI runner operations. No persistent background privileges are requested.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install uni-app-wechat-miniprogram-cicd - 安装完成后,直接呼叫该 Skill 的名称或使用
/uni-app-wechat-miniprogram-cicd触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
uni-app 微信小程序开发与 CI/CD 发布技能首发:
- 提供 uni-app 项目微信小程序全流程开发、构建和自动化 CI/CD 发布支持
- 集成 miniprogram-ci,支持命令行上传、体验版发布及 API 用法参考
- 附 GitHub Actions / GitLab CI 配置模板与一键发布脚本,适配主流 CI/CD 流水线
- 详细文档覆盖项目初始化、微信开发者工具 CLI 配置、密钥管理等核心环节
- 故障排查与常用命令速查表,简化问题定位和开发维护
元数据
常见问题
Uni App Wechat Cicd 是什么?
uni-app 项目微信小程序全流程开发、构建与 CI/CD 发布。当用户提到:开发 uni-app 小程序、用 uni-app 开发微信小程序、uni-app 小程序 CI/CD 发布、小程序上传体验版、自动发布微信小程序、miniprogram-ci 配置、微信小程序自动化发布、GitHub Actions... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 180 次。
如何安装 Uni App Wechat Cicd?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install uni-app-wechat-miniprogram-cicd」即可一键安装,无需额外配置。
Uni App Wechat Cicd 是免费的吗?
是的,Uni App Wechat Cicd 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Uni App Wechat Cicd 支持哪些平台?
Uni App Wechat Cicd 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Uni App Wechat Cicd?
由 ACxj(@acxj)开发并维护,当前版本 v1.0.0。
推荐 Skills