技能详情(站内镜像,无评论)
作者:zhahngyongchao @asazhangyongchao
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.3
统计:⭐ 0 · 53 · 0当前安装次数· 0历史安装次数
⭐ 0
安装量(当前) 0
🛡 VirusTotal :可疑 · OpenClaw :可疑
Package:asazhangyongchao/asiasea-bi
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :可疑
OpenClaw 评估
The skill mostly matches a BI/agent purpose but contains clear inconsistencies and risky behaviors (notably embedding request headers/credentials into uploaded HTML snapshots and contradictory claims about credential isolation), so proceed only after code and deployment concerns are addressed.
目的
Name/description: BI / Feishu integration. Implementation: Python code calls asiagroup/yayuit endpoints to list systems, obtain system tokens, upload/publish HTML reports. Expected: a Feishu-integrated skill would normally show explicit Feishu API usage or require Feishu credentials; this code does not. The repo/README/license claim private proprietary usage while SKILL.md instructs cloning via public git@github.com; small metadata version mis…
说明范围
SKILL.md instructs cloning/deploying and runtime ‘初始化’/‘切换系统’ flows. The runtime instructions claim strict credential isolation, but main.py's generate_html function embeds a base64-encoded payload that includes API URL and headers (headers_dict) into the generated HTML and then the skill uploads that HTML to an OSS endpoint — this directly contradicts the '凭证隔离' claim and risks leaking tokens via uploaded snapshots.
安装机制
No install spec; code is bundled in the skill (main.py). No external arbitrary downloads or extract operations. Uses the Python requests library (standard for network interaction).
证书
Skill declares no required env vars or credentials, but it obtains system tokens from remote APIs and stores per-user session files under the skill directory. It then includes headers/tokens in generated HTML (base64) which is uploaded — this is disproportionate to the 'do not expose credentials' guarantees and increases risk of secret leakage. The LICENSE forbids publishing the software to public repos, but the README suggests cloning from Gi…
持久
always:false (normal). The skill writes per-user session files (.session_<id>.json) into the skill directory (BASE_DIR). Writing session state to disk is expected for multi-session logic, but these files may contain system_auth_headers and should be treated as sensitive; the skill also persists generated reports to OSS via upload endpoint.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「asiasea-bi」。简介:飞书集成智能数据网关,支持企业异构系统动态映射与切换、基于自然语言时间语义推导的真实 API 数据穿透与可视化快照固化发布。。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/asazhangyongchao/asiasea-bi/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: asiasea-bi
description: 飞书集成智能数据网关,支持企业异构系统动态映射与切换、基于自然语言时间语义推导的真实 API 数据穿透与可视化快照固化发布。
repository: asiasea-ai/bi
triggers:
- 金灯塔BI 初始化
- 初始化
- 系统列表
- 切换系统
- 报表
- 数据看板
- BI
- 统计
- 趋势
- 度量
- 查询
- 发布
---
# 🌌 金灯塔智能 BI Skill (Cognitive Data Agent)
## 描述
本 skill 是金灯塔数据中枢的 OpenClaw 认知代理适配版本。依托动态元数据路由机制,允许用户通过自然语言精确穿透企业各类异构微服务架构,实时提取核心业务度量快照,并将多维数据流一键投影并发布为可视化研报。**(异步定时调度路由由 OpenClaw 平台原生编排引擎接管)**
**代码仓库**: `asiasea-ai/bi`
## 可用交互协议流
- **安全握手与鉴权**: `初始化`
- **域感知与上下文注入**: `切换系统 [目标业务域]` (如:`切换系统 核心业务节点A`)
- **高阶语义数据查询 (强制收敛时间边界)**:
- `查询本月的[核心业务指标]`
- `提取上一时间周期的[度量矩阵数据]及趋势演进`
- **拓扑快照固化发布**:
- `把刚才的数据快照发布到系统`
## 架构安全声明
完全兼容 OpenClaw 的 `handle` 同步函数规范。底层映射真实零信任鉴权接口与业务元数据网络,具备启发式意图时间推导引擎,**100% 拒绝数据幻觉与异常兜底伪装**。系统生成的纯静态 DOM 快照严格落实凭证隔离,确保核心物理数据的绝对安全。