Security Scan
OpenClaw
Safe
medium confidence
The skill and its files are internally consistent with a feedback-only Alipay CLI helper — it asks only for npm (to install an official CLI), does not request credentials, and its instructions match the described purpose, though installing and running the CLI requires trust in the upstream package and its install behavior.
Assessment recommendations
This skill appears coherent for its stated purpose, but it requires installing and running an Alipay-provided CLI. Before installing, review the upstream npm package (@alipay/agent-payment@1.0.0) and the behavior of its `install-cli` command (it may download or install additional components). Avoid including any sensitive credentials or PII in the `--reason` text (the skill promises anonymity, but the CLI output will be forwarded verbatim). If you want stronger assurance, run the provided instal...
✓ Purpose and capabilities
Name, description, and required binaries (npm) align: the skill's stated purpose is to submit feedback via an Alipay CLI. Requiring npm to install an alipay CLI is proportionate. No unrelated env vars, binaries, or config paths are requested.
ℹ Instruction scope
SKILL.md constrains behavior to collecting a user-provided --reason and calling `alipay-bot problem-feedback --reason "..."`. It explicitly forbids reading external files and claims only to send data to *.alipay.com. However the instructions also require the agent to output CLI responses verbatim, which could surface anything the CLI prints. The skill does include defensive guidance to stop if the CLI requests unexpected permissions or returns unexpected content.
ℹ Install mechanism
No platform install spec in registry, but a bundled install script fetches a pinned npm package (@alipay/agent-payment@1.0.0) and verifies metadata (dist.integrity and a maintainer string) before installing. Using npm and a pinned package is reasonable; the script uses `--ignore-scripts` (reduces risk) but then runs the package's `agent-payment install-cli` binary, which may download or install additional files. This is a moderate-risk network install that requires trusting the upstream package.
✓ Credential requirements
The skill requests no user credentials or config paths. The only environment inputs used in the install script are internal (expected integrity/maintainer) and not required from the user. No extraneous secrets or unrelated service tokens are requested.
✓ Persistence and permissions
always is false and the skill is user-invocable. It does not request permanent presence or attempt to modify other skills or system-wide configurations. Autonomous invocation is allowed by default but not combined with other red flags here.
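Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Install commands
Official: `npx clawhub@latest install alipay-payment-feedback-bk`
Mirror: `npx clawhub@latest install alipay-payment-feedback-bk --registry https://cn.longxiaskill.com` (mirror available)
Localization notes
alipay-payment-feedback installation notes: Install commands: ["openclaw skills install alipay-payment-feedback-bk","npx clawhub@latest install alipay-payment-feedback-bk"]. This skill is used for Alipay-related operations and may require a corresponding platform account or API key.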