← 返回 Skills 市场
285
总下载
1
收藏
0
当前安装
12
版本数
在 OpenClaw 中安装
/install vipshop-user-login
功能描述
唯品会账号扫码登录技能。当用户说"登录唯品会"、"唯品会登录"、"扫码登录唯品会"、 "我要登录唯品会账号",或其他技能检测到未登录需要引导登录时,应立即触发此技能。 执行完整的二维码登录流程:获取二维码 → 展示给用户扫码 → 轮询确认 → 保存登录态到 ~/.vipshop-user-login/tokens...
安全使用建议
What this skill will do: it talks to https://passport.vip.com to obtain a QR image, shows that image (via a URL or by saving/opening an image file), polls the server until confirmation, and stores the resulting login cookies in ~/.vipshop-user-login/tokens.json so other local VIP skills can use them. What to consider before installing:
- Trust: only use if you trust the skill source and the platform that will render the QR image. Displaying the qrImageUrl means the agent/UI may fetch that external URL to render the image.
- Token persistence: the tokens.json file contains cookies that authenticate your account; remove or revoke them if you no longer want the skill to have access. The skill attempts to set restrictive file permissions (700/600), but verify the file exists and permissions on your system.
- Exposure risk: anyone or any component that can read ~/.vipshop-user-login/tokens.json can act as your logged-in user; if you share sessions or use a multi-tenant environment, run this in an isolated/local account.
- Audit options: optionally review the included Python files locally (they are bundled here) before running; you can run the scripts in a sandbox or inspect tokens.json after a test login and delete it.
Overall, the skill appears coherent and appropriate for its stated purpose; there are no unrelated credential requests or unknown network endpoints in the provided files.
功能分析
Type: OpenClaw Skill
Name: vipshop-user-login
Version: 1.0.11
The skill implements a Vipshop QR code login flow but contains high-risk behaviors and instructions. Specifically, `scripts/qr_code_client.py` uses `subprocess.run` and `os.startfile` to execute system commands for opening image files, which is a risky capability. Furthermore, `SKILL.md` includes prompt instructions directing the AI agent to encourage users to run an external update command (`npx clawhub update vipshop-skills --force`), presenting a potential supply chain or social engineering risk. While these actions are plausibly related to the skill's stated purpose, the combination of shell execution and agent-mediated command execution warrants a suspicious classification.
能力评估
Purpose & Capability
Name/description match the code and instructions: the package contacts passport.vip.com endpoints to init QR, fetch image, poll status, and save login cookies. The files and APIs requested are proportional to a QR login helper.
Instruction Scope
SKILL.md restricts behavior to the QR login flow and instructs the AI to extract a machine-readable payload from stdout and present the qrImageUrl as an image. It also instructs saving login state to ~/.vipshop-user-login/tokens.json for reuse by other VIP skills — this cross-skill state sharing is expected but worth noting because tokens grant account access. No instructions ask the agent to read unrelated system files or other credentials.
Install Mechanism
There is no install spec (instruction-only plus bundled Python scripts). No remote downloads or installers; runtime uses standard Python libs (requests, qrcode, Pillow). This is a low install risk.
Credentials
The skill requests no environment variables or external credentials. It writes persistent state under the user's home (~/.vipshop-user-login) which is coherent with a login helper. File permissions are set to owner-only where implemented (directory 700, token temp file 600).
Persistence & Privilege
The skill persists login cookies and device id under ~/.vipshop-user-login and will read/write those files. always:false (normal). Persisting account cookies is necessary for this skill, but it means the saved tokens can be reused by other local skills — the user should understand that persisted cookies effectively authenticate the local user session.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install vipshop-user-login - 安装完成后,直接呼叫该 Skill 的名称或使用
/vipshop-user-login触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.11
vipshop-user-login 1.0.11
- 增强二维码展示规范。
- 文档明确此优先级要求,保障 AI 展示二维码图片逻辑的准确性与健壮性。
- 其他说明和用例保持不变,未涉及脚本/接口变动,仅更新规范和文档内容。
v1.0.10
vipshop-user-login 1.0.10
- No file changes detected in this release.
- Documentation (SKILL.md) was reformatted without content changes.
- All features, usage, and behavior remain the same as the previous version.
v1.0.9
vipshop-user-login 1.0.9
- 变更登录版本检测逻辑:登录成功后如果检测到有新版本,仅提示用户手动更新
- 技能文档调整:明确 AI 只需提示用户按受控流程和脚本输出的命令手动更新。
- 保持二维码展示规范、扫码流程与 Cookie 存储等功能不变。
- 适配安全合规与可控发布流程的最新要求。
v1.0.8
vipshop-user-login v1.0.8
- 明确规范 AI 必须从 stdout 提取二维码链接,并使用 Markdown 图片语法直接展示二维码图片给用户,而非仅输出链接或文字描述。
- 新增对 AI 智能体和 OpenClaw 场景下二维码展示流程的详细约束说明。
- 文档中补充二维码展示的多种方式和 stdout 格式要求,强调必须展示图片。
- 其他说明、工作流程及集成方式未变。
v1.0.7
vipshop-user-login v1.0.7
- 登录后脚本自动输出当前版本号,并检查是否有新版本。
- AI助手在登录成功后,需将脚本输出的当前版本号告知用户。
- 版本自动更新机制补充:若自动更新失败,AI需提示用户前往 GitHub 手动更新。
- 细化了“AI助手职责”描述,明确要求输出版本和异常处理指引。
- 其他文档无结构和功能变动。
v1.0.6
vipshop-user-login 1.0.6
- 登录后自动检测版本,如有新版本自动执行 `npx clawhub update vipshop-skills --force` 更新。
- 若自动更新失败,会提示用户手动执行更新命令。
- 版本检测和更新流程由脚本自动完成,无需 AI 助手干预。
- 其他功能和接口保持不变。
v1.0.5
vipshop-user-login 1.0.5
- 新增:登录成功后自动检测 skill 版本并在 tokens.json 中保存 version 字段。
- 新增:明确要求 AI 助手检查 tokens.json 的 version 并在版本有更新时主动提示用户执行 skill 更新命令(npx clawhub update vipshop-skills)。
- 文档补充:增加了版本检测与更新提示的说明和示例代码,强调 AI 助手责任。
- 其他功能和接口未变。
v1.0.4
Version 1.0.4
- No file changes detected in this release.
- Behavior and features remain unchanged from the previous version.
- Update includes only version metadata and does not impact functionality.
v1.0.3
vipshop-user-login 1.0.3
- 新增 scripts/logger.py 日志上报模块,用于问题排查。
- 更新 SKILL.md,补充目录结构说明,加入 logger.py 及日志说明。
- 文档补充:二维码初始化自动校验 qrToken 格式,格式错误时会自动重试或报错,提升健壮性。
v1.0.2
vipshop-user-login 1.0.2 Changelog
- 明确规范:AI 必须先加载本 skill(use_skill)后,才可执行脚本或返回结果,不得绕过 skill 规范处理数据。
- 非阻塞扫码登录流程说明新增:如果二维码展示失败,提供二维码链接供用户点击查看。
- 文档细节补充,增强对 skill 调用顺序和合规要求的强调。
- 无代码变更,仅文档内容更新和规范完善。
v1.0.1
- SKILL.md description was expanded and clarified to specify trigger phrases and integration behavior.
- Now explicitly states that the skill should be triggered on user intent or when other skills detect the user needs to log in.
- Details on login workflow, usage, and integration remain unchanged.
- No code changes; documentation update only.
v1.0.0
vipshop-user-login 1.0.0
- 首个发行版本,提供唯品会扫码登录的完整流程。
- 支持获取二维码、轮询扫码状态、自动保存登录Cookie。
- 提供命令行和Python API两种使用方式,兼容AI助手及自动化场景。
- 集成多种二维码展示方式,支持终端ASCII码及图片显示。
- 登录凭证统一保存在本地,方便其他技能和程序复用。
元数据
常见问题
唯品会用户登录 是什么?
唯品会账号扫码登录技能。当用户说"登录唯品会"、"唯品会登录"、"扫码登录唯品会"、 "我要登录唯品会账号",或其他技能检测到未登录需要引导登录时,应立即触发此技能。 执行完整的二维码登录流程:获取二维码 → 展示给用户扫码 → 轮询确认 → 保存登录态到 ~/.vipshop-user-login/tokens... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 285 次。
如何安装 唯品会用户登录?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install vipshop-user-login」即可一键安装,无需额外配置。
唯品会用户登录 是免费的吗?
是的,唯品会用户登录 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
唯品会用户登录 支持哪些平台?
唯品会用户登录 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 唯品会用户登录?
由 vip(@viphgta)开发并维护,当前版本 v1.0.11。
推荐 Skills