← 返回 Skills 市场
语雀 Skill
作者
feixuelingcloud
· GitHub ↗
· v1.1.0
· MIT-0
54
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install yuque-skill
功能描述
通过语雀开放API对语雀(Yuque)文档与知识库执行端到端自动化操作 —— 创建/读取/更新/删除文档、管理知识库目录(TOC)、调整Markdown排版(字号、颜色、标题、表格、代码块、提示框)、全文搜索及批量导入导出。任何用户提到"语雀""yuque""知识库""文档目录""TOC""语雀文档格式调整""语...
安全使用建议
This skill is a coherent Yuque API client (scripts to list/get/create/update/delete docs, manage TOC, format Markdown, and do bulk import/export). Before installing:
- Be aware it requires your Yuque API token (YUQUE_TOKEN) or a ~/.yuque/config.json; the registry metadata does not declare this, so you must provide the token manually if using the scripts.
- Inspect scripts (they are included) — batch.py and toc.py can delete or update many documents; use dry-run options and backups (SKILL.md even recommends exporting/backing up before bulk changes).
- Consider scoping the token (minimum scopes: doc:read/doc:write/repo:read/repo:write) and use a token dedicated to the skill (not a broad org admin token).
- Note the SKILL.md's instruction to 'proactively call' the skill on any mention of Yuque: if you do not want the agent to autonomously run these scripts when users merely mention Yuque, ensure agent/plugin invocation rules prevent automatic execution or disable autonomous invocation for this skill.
If you want to proceed: set YUQUE_TOKEN in the environment (or place a properly-permissioned ~/.yuque/config.json), test with `python scripts/yuque_client.py whoami`, and for any bulk operation run with dry-run / backups first.
功能分析
Type: OpenClaw Skill
Name: yuque-skill
Version: 1.1.0
The yuque-skill bundle is a legitimate and well-structured tool for automating Yuque document and repository management via the official Yuque API. The scripts (docs.py, toc.py, search.py, batch.py) provide standard CRUD and management functionality using a zero-dependency client (yuque_client.py) based on Python's standard library. Security-conscious practices are evident, such as the inclusion of a 'sanitize' function in format_helpers.py to strip dangerous HTML tags and a mandatory dry-run recommendation for batch replacements. No evidence of data exfiltration, unauthorized persistence, or malicious prompt injection was found.
能力标签
能力评估
Purpose & Capability
The skill's name/description (Yuque client: CRUD, TOC, format helpers, batch import/export) matches the included scripts. However the skill metadata lists no required environment variables or primary credential while SKILL.md and the code clearly require a YUQUE_TOKEN (or ~/.yuque/config.json). That mismatch between declared requirements and actual needs is an incoherence that could mislead users about what secrets the skill needs.
Instruction Scope
SKILL.md instructs the agent to run the bundled Python scripts (scripts/*.py) and to proactively call the skill whenever the user mentions '语雀' even without an explicit 'use skill' phrase. The scripts legitimately read/write local files (batch export/import writes/reads Markdown files), read ~/.yuque/config.json, and perform destructive actions (toc.py remove defaults to deleting underlying docs; batch.py replace can update many docs). The scope is generally consistent with the stated purpose, but the proactive/autonomous-invocation guidance plus destructive operations raise safety concerns if triggered unexpectedly.
Install Mechanism
No install spec is present (instruction-only for Openclaw) and the code is pure Python using only the standard library (urllib). There's no external download or installer. This lowers supply-chain risk; however the skill will execute local Python scripts when invoked.
Credentials
The skill legitimately requires an API token (X-Auth-Token / YUQUE_TOKEN) and optionally a custom base_url for private deployments; the code also reads ~/.yuque/config.json. But the registry metadata declares no required env vars or primary credential. The skill asks for a sensitive secret (API token) — that is proportionate to the purpose — yet failing to declare it in metadata is a visibility/permission mismatch that may cause users to overlook the credential access.
Persistence & Privilege
Metadata flags show always:false (correct for most skills) and model invocation is allowed (normal). However SKILL.md explicitly instructs the agent to invoke the skill proactively on any mention of Yuque, which implies near-automatic invocation; this intent is not reflected in metadata (no always:true), creating an inconsistency. Combined with the ability to perform destructive writes (delete docs, update many docs), this raises the potential for unintended actions if the agent autonomously calls the skill.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install yuque-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/yuque-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
补全 Openclaw & Claude Code 双平台说明,新增 GitHub 安装和对话页面安装方式
元数据
常见问题
语雀 Skill 是什么?
通过语雀开放API对语雀(Yuque)文档与知识库执行端到端自动化操作 —— 创建/读取/更新/删除文档、管理知识库目录(TOC)、调整Markdown排版(字号、颜色、标题、表格、代码块、提示框)、全文搜索及批量导入导出。任何用户提到"语雀""yuque""知识库""文档目录""TOC""语雀文档格式调整""语... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 54 次。
如何安装 语雀 Skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install yuque-skill」即可一键安装,无需额外配置。
语雀 Skill 是免费的吗?
是的,语雀 Skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
语雀 Skill 支持哪些平台?
语雀 Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 语雀 Skill?
由 feixuelingcloud(@feixuelingcloud)开发并维护,当前版本 v1.1.0。
推荐 Skills