← 返回 Skills 市场
310
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install yida-app
功能描述
宜搭完整应用开发技能,描述从零到一搭建一个完整宜搭应用的全流程,包括创建应用、创建页面、需求分析、编写代码、创建表单、发布部署。
安全使用建议
This skill's documentation describes a plausible Yida app workflow, but the package is instruction-only while the runtime steps assume many local helper scripts under .claude/skills/* and access to a cookie file (.cache/cookies.json). Before installing or running it: 1) verify the referenced sub-skill scripts actually exist and inspect their source (they will be executed with node); 2) be aware the agent will read your .cache/cookies.json (contains login cookies/corpId) and may write .cache/<project>-schema.json and PRD files—ensure you are comfortable with that access; 3) confirm you consent to the agent opening a browser tool and producing screenshots for QR login (these images may contain sensitive info); 4) if the package doesn’t include the scripts, do not run commands that download or execute arbitrary archives without reviewing their origin. If you’re unsure, request the full sub-skill code or a signed upstream release before proceeding.
功能分析
Type: OpenClaw Skill
Name: yida-app
Version: 1.0.0
The skill bundle orchestrates the automated development and deployment of Alibaba Yida applications by executing local Node.js scripts and managing sensitive session data in `.cache/cookies.json`. While the instructions in `SKILL.md` align with the stated purpose, the workflow involves high-risk behaviors such as automated login via QR code screenshots and the execution of external scripts (e.g., `publish.js`, `create-app.js`) that are not included in the bundle. The reliance on session cookies and the enforcement of agent-led login procedures present a significant security surface for potential session hijacking or unauthorized platform access if the underlying scripts are compromised.
能力评估
Purpose & Capability
The skill's stated purpose (end-to-end Yida app development) aligns with the actions described (create app/page/form, write PRD, compile/publish). However the SKILL.md expects many helper scripts under .claude/skills/* and access to .cache/cookies.json and .cache/<project>-schema.json, while the registry metadata shows no code files, no install steps, and no required config paths. That mismatch means the package as delivered cannot perform what it describes without external files; requiring local scripts/cookies is a notable incoherence.
Instruction Scope
Runtime instructions explicitly direct the agent to read and compare corpId from prd docs and .cache/cookies.json, write .cache/<project>-schema.json, run node scripts under .claude/skills/*, open a browser tool and capture screenshots for QR login, and update project PRD files. Reading/writing auth cookies and taking/sending screenshots are sensitive actions. The instructions also forbid telling the user to open the browser manually, which constrains interaction flow. These file and auth-access steps are relevant to the stated purpose but are broader than what the manifest declares and require user review/consent.
Install Mechanism
There is no install spec (instruction-only), which is low-risk in isolation. However, the SKILL.md assumes many local helper scripts and npm steps (e.g., npm install in yida-publish-page) located under .claude/skills/*; those scripts are not present in this package. If those referenced scripts are supplied later from external sources, that would increase risk.
Credentials
The manifest declares no required env vars or config paths, yet the instructions require access to .cache/cookies.json (login cookies and corpId) and to write .cache/<project>-schema.json and PRD files. Access to cookies/corpId is sensitive and should have been declared. There are no unrelated external credentials requested, but the omission of required config path declarations is an inconsistency and a potential privacy/security concern.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and is user-invocable. It does instruct writing project-local .cache and PRD files and invoking local scripts, which is normal for a development helper and does not indicate elevated system-wide privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install yida-app - 安装完成后,直接呼叫该 Skill 的名称或使用
/yida-app触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the yida-app skill for building Yida applications from scratch.
- Guides the complete development flow: app creation, requirement analysis, page/form creation, code writing, and deployment.
- Enforces corpId consistency checks and detailed login/cookie management instructions.
- Standardizes documentation and cache file structures for app configuration and schema IDs.
- Provides comprehensive usage scenarios, step-by-step breakdowns, and quick references for all subskills.
- Includes workflow rules, file structure conventions, and answers to common questions.
元数据
常见问题
Yida App 是什么?
宜搭完整应用开发技能,描述从零到一搭建一个完整宜搭应用的全流程,包括创建应用、创建页面、需求分析、编写代码、创建表单、发布部署。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 310 次。
如何安装 Yida App?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install yida-app」即可一键安装,无需额外配置。
Yida App 是免费的吗?
是的,Yida App 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Yida App 支持哪些平台?
Yida App 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Yida App?
由 nicky1108(@nicky1108)开发并维护,当前版本 v1.0.0。
推荐 Skills