by 安全扫描
OpenClaw
安全
high confidenceThe skill's code and runtime instructions match its description: it uses Playwright to scrape Huawei AppGallery for the app version, requires no credentials, and does not perform unrelated actions.
评估建议
This skill appears coherent and low-risk: it simply opens the AppGallery page and reads a CSS selector. Before installing, note that Playwright will download Chromium (large binary) and the script will make network requests to AppGallery and execute page rendering (normal for a browser scraper). If you run this routinely, consider rate limits and running in a sandbox/container. Review the small Python script yourself (it prints JSON and does not exfiltrate secrets) and ensure your environment al...详细分析 ▾
✓ 用途与能力
Name and description (fetching 一日记账 version from Huawei AppGallery) align with the included script and SKILL.md. The declared dependency on Playwright/Chromium is appropriate for a headless-browser scraper.
✓ 指令范围
SKILL.md and scripts only instruct fetching the AppGallery URL and reading a CSS selector. The script accesses no unrelated files, env vars, or external endpoints beyond the AppGallery page.
✓ 安装机制
This is instruction-only with no packaged install spec. SKILL.md recommends 'pip install playwright' and 'playwright install chromium' which is standard for Playwright-based tools; these operations download browser binaries from upstream (expected behavior).
✓ 凭证需求
No environment variables, credentials, or config paths are required. The requested resources are proportionate to the task.
✓ 持久化与权限
always is false and the skill does not modify system or other-skill configuration. Autonomous invocation is allowed by default but not combined with elevated privileges here.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/3
- Initial release of yiri-app-monitor. - Monitors and reports the latest version of 一日记账 App from Huawei AppGallery using Playwright and Chromium. - Triggers automatically when users inquire about 一日记账 version or updates. - Returns concise app version info, link, and timestamp. - Requires Python, Playwright, and Chromium; no API key needed.
● 无害
安装命令 点击复制
官方npx clawhub@latest install yiri-app-monitor
镜像加速npx clawhub@latest install yiri-app-monitor --registry https://cn.clawhub-mirror.com
技能文档
使用场景
当 QQ 用户询问以下内容时自动触发:
- "一日记账版本"
- "一日记账更新"
- "一日记账最新版本"
- "一日记账 app 版本"
- "一日记账有更新吗"
触发关键词
- 一日记账 + 版本
- 一日记账 + 更新
- 一日记账 app
- 一日记账最新
命令格式
无需命令,直接询问即可。示例:
Q: 一记账版本多少?
A: 📱 一日记账 当前版本:8.0.1
🔗 https://appgallery.huawei.com/app/detail?id=com.ericple.onebill
⏰ 2026-04-03 10:45:37
技术实现
- 使用 Playwright + Chromium headless 浏览器
- 访问华为 AppGallery 页面
- CSS 选择器:
span.content-value - 超时:30秒(页面加载)+ 20秒(选择器等待)
脚本路径
yiri-app-monitor/scripts/check_version.py
返回格式
{
"app_name": "一日记账",
"app_id": "com.ericple.onebill",
"version": "8.0.1",
"url": "https://appgallery.huawei.com/app/detail?id=com.ericple.onebill",
"checked_at": "2026-04-03 10:45:37"
}
依赖安装
如 Playwright 或 Chromium 未安装:
pip install playwright
playwright install chromium
备注
- 版本数据来源于华为 AppGallery 官方页面
- 无需 API Key,完全免费
- 支持定时检查(可结合 cron)
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制