← Back to Skills Marketplace
zhouzidan

nokey-vehicle-info

by zhou_guobao · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
138
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install nokey-vehicle-info
Description
车辆信息查询技能,支持查询车辆位置、车况信息(车锁、车门、车窗、空调、引擎状态等)。当用户查询车辆位置、询问车辆在哪里、查询车况信息时自动调用此技能。
Usage Guidance
What to consider before using/installing: - Do not paste real production tokens until you confirm expected format and endpoints. SKILL.md and README disagree on whether the string is vehicleToken####accessToken or accessToken####vehicleToken — confirm with the author or by trial with a short-lived test token. - The skill saves tokens in plaintext to ~/.nokey_vehicle_info_cache.json and prints them in examples; treat these tokens as sensitive. If you must test, use short-lived or test tokens and rotate them immediately after. - The package has no verified source or homepage. Prefer skills from known authors or official vendor integrations; verify the API domains (uat-openapi.ingeek.com and openapi.nokeeu.com) independently before sending credentials. - The SKILL.md expects curl and jq but the skill metadata didn't list required binaries — ensure you have those tools and understand they will be used to make network calls to the listed endpoints. - If you proceed: 1) test with a revoked/test token, 2) inspect the created cache file and remove it when done, 3) consider restricting file permissions (chmod 600) and rotating real tokens after use, and 4) ask the maintainer to fix the token-format documentation and avoid echoing tokens in outputs/logs. - If you cannot verify the author or endpoints, do not provide live credentials and consider declining installation.
Capability Analysis
Type: OpenClaw Skill Name: nokey-vehicle-info Version: 1.0.2 The skill manages vehicle information by executing shell commands (curl, jq, awk) to interact with third-party APIs (ingeek.com, nokeeu.com). It requests sensitive authentication tokens from the user and stores them in plaintext in a local cache file (~/.nokey_vehicle_info_cache.json), which is a significant security vulnerability. Additionally, the instructions in SKILL.md for processing user-provided tokens via shell scripts are potentially vulnerable to shell injection if the AI agent does not sanitize the input before execution. While these capabilities are plausibly needed for the stated purpose, the combination of risky shell execution and insecure credential handling warrants a suspicious classification.
Capability Assessment
Purpose & Capability
The declared purpose (query vehicle location and condition) matches the documented API calls to /iot/v1/condition. However there are internal inconsistencies: SKILL.md expects token format vehicleToken####accessToken while README.md documents accessToken####vehicleToken. The skill also references a deploy.sh and a deploy path that are not present in the package. These mismatches reduce confidence in correctness but do not by themselves indicate malicious intent.
Instruction Scope
Runtime instructions instruct the agent/user to accept credential strings, parse them, save them to ~/.nokey_vehicle_info_cache.json, and use curl/jq to POST to external endpoints. Saving sensitive tokens in plaintext and echoing them to stdout (the docs show echoing accessToken/vehicleToken) increases risk of accidental leakage (e.g., logs, screenshots, assistant transcripts). The instructions also require reading and writing the user's home directory; while this is functionally relevant, it is sensitive and should be explicit to users.
Install Mechanism
This is instruction-only (no install spec, no code files), so no archive downloads or exec installs are present. The README recommends installing curl and jq, but the skill metadata lists no required binaries — that mismatch is an oversight. Overall install risk is low because nothing is being downloaded by the skill itself.
Credentials
The skill requests no environment variables but its README/SKILL.md reference environment selection (VEHICLE_ENV or cached env field). The biggest proportionality concern is that the skill asks for two sensitive tokens and stores them unencrypted in a local file without guidance on protecting or rotating them. The conflicting token-format documentation (two places disagree which token comes first) is a substantive coherence issue for credential handling.
Persistence & Privilege
always:false (no forced global presence). The skill persists credentials in a file under the user's home (~/.nokey_vehicle_info_cache.json), which is expected for caching but should be considered a privilege (it writes to user home). It does not request system-wide config changes or other skills' credentials.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install nokey-vehicle-info
  3. After installation, invoke the skill by name or use /nokey-vehicle-info
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
**Changelog for nokey-vehicle-info v1.0.2** - 更新接口响应示例与字段说明,细化车辆状态字段(power、trunk、gear、window 等)。 - 明确 gear 档位、window 车窗等字段的编码说明。 - 删除响应示例中未必返回的车辆物理量字段(如温度、电压、电量等)。 - 无功能完善或接口变更,仅文档描述更正与结构精简。 - 保留所有使用方式和环境切换相关指引不变。
v1.0.1
功能完善
v1.0.0
nokey-vehicle-info 1.0.0 - 初始发布 - 新增车辆信息查询技能,支持车辆位置与车况(如车锁、车门、车窗、空调、引擎状态等)自动化查询。 - 实现 access_token 和 device_token 的本地认证缓存与校验。 - 支持用户通过命令行/会话引导补充认证信息。 - 通过 curl API 方式无依赖实现车辆状态与位置信息查询。 - 支持环境切换(UAT 和 PROD)。 - 完备的查询流程说明和接口字段文档,含错误处理指引。
Metadata
Slug nokey-vehicle-info
Version 1.0.2
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is nokey-vehicle-info?

车辆信息查询技能,支持查询车辆位置、车况信息(车锁、车门、车窗、空调、引擎状态等)。当用户查询车辆位置、询问车辆在哪里、查询车况信息时自动调用此技能。 It is an AI Agent Skill for Claude Code / OpenClaw, with 138 downloads so far.

How do I install nokey-vehicle-info?

Run "/install nokey-vehicle-info" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is nokey-vehicle-info free?

Yes, nokey-vehicle-info is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does nokey-vehicle-info support?

nokey-vehicle-info is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created nokey-vehicle-info?

It is built and maintained by zhou_guobao (@zhouzidan); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments