← 返回 Skills 市场
harrylabsj

Zto

作者 haidong · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
158
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install zto
功能描述
Use ZTO Express (中通快递) for shipment tracking, shipping guidance, service-type comparison, outlet lookup, and delivery-time or fee estimation. Use when the us...
安全使用建议
What to consider before installing: - The skill appears to be a local ZTO helper that stores history, subscriptions, and optional encrypted files under ~/.openclaw/data/zto/. That behavior is declared in SKILL.md and implemented in code. - The SecureStorage implementation stores a Fernet key at ~/.openclaw/data/zto/secure/.key with file mode 600. While the data are encrypted, the key is stored locally; if an attacker can read your home directory they could decrypt the files. Avoid storing highly sensitive secrets (bank details, full identity documents) in the skill's storage. - The code imports aiohttp (networking). The visible query() simulates results, but the zto.py file was truncated in the listing — review the full file for any network calls or outbound endpoints before trusting it, especially any code that might transmit stored data to remote servers. - Dependencies are normal Python packages. Install into a virtualenv/sandbox if you want to reduce risk. - Use the provided privacy commands (privacy info / privacy clear / privacy export) to audit and remove data if you decide to try the skill. - If you do not trust the skill author or cannot inspect the entire zto.py file, treat it as untrusted code and run in an isolated environment. If you want, I can scan the remainder of zto.py (provide the full file) and specifically look for network endpoints, telemetry/callback code, or references to external hosts.
功能分析
Type: OpenClaw Skill Name: zto Version: 1.0.0 The 'zto' skill is a legitimate tool for ZTO Express shipment tracking and logistics estimation. It uses local SQLite storage and a dedicated encryption module (security.py) to manage user history and subscriptions within the ~/.openclaw/ directory, all of which is clearly disclosed in SKILL.md. The code logic in zto.py is transparent, lacks any evidence of data exfiltration or unauthorized execution, and includes built-in privacy controls for users to inspect or clear their local data.
能力评估
Purpose & Capability
Name/description (ZTO tracking, estimates, outlet lookup) aligns with the included code: local DB for history/subscriptions, price/time estimates, and formatting. The required dependencies (aiohttp, cryptography, etc.) are plausible for a CLI that could fetch remote data, encrypt local secrets, and render QR/images.
Instruction Scope
SKILL.md clearly documents local persistence paths and privacy controls. The runtime code writes an SQLite DB and may use SecureStorage for encrypted files. However the Python code imports aiohttp (network library) but the visible query() implementation simulates results rather than calling external ZTO endpoints; this leaves open the possibility the rest of zto.py (truncated in the listing) initiates network traffic to endpoints not declared in SKILL.md. SKILL.md does not declare any external endpoints — if the code later contacts remote APIs, that should be disclosed.
Install Mechanism
No installation script/remote download is included — this is an instruction-only/packaged-code skill. Dependencies are standard Python packages listed in requirements.txt. No suspicious URL downloads or archive extraction are present.
Credentials
The skill does not request environment variables, system paths, or external credentials. Its use of local storage under the user's home directory is proportionate to its functionality.
Persistence & Privilege
The skill persists data under ~/.openclaw/data/zto, including an encrypted storage area and a locally-stored Fernet key file (~/.openclaw/data/zto/secure/.key). This is expected for local encrypted storage, but storing the encryption key on disk next to the encrypted files reduces protection if an attacker already has local file access. always:false and no system-wide config changes are requested.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install zto
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /zto 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
No changes detected in this version. - Version 1.0.0 has no file modifications or updates from the previous release.
v1.0.1
English-first documentation update
元数据
Slug zto
版本 1.0.0
许可证 MIT-0
累计安装 1
当前安装数 0
历史版本数 2
常见问题

Zto 是什么?

Use ZTO Express (中通快递) for shipment tracking, shipping guidance, service-type comparison, outlet lookup, and delivery-time or fee estimation. Use when the us... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 158 次。

如何安装 Zto?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install zto」即可一键安装,无需额外配置。

Zto 是免费的吗?

是的,Zto 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Zto 支持哪些平台?

Zto 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Zto?

由 haidong(@harrylabsj)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论