by 安全扫描
OpenClaw
安全
high confidenceThe skill's requirements, runtime instructions, and installer are consistent with its stated purpose of fetching Ptengine heatmap data and performing analysis; nothing requested appears unrelated or excessive.
评估建议
This skill appears coherent and focused: it uses ptengine-cli to fetch historical aggregate heatmap data, runs analysis using the included methodology files, and will only ask you for your Ptengine API key/profile when needed. Before installing, consider: 1) The installer downloads an upstream install script from GitHub and executes it after verifying a pinned SHA256 — this is a good safety measure, but if you want extra assurance, inspect the referenced upstream repo (Kocoro-lab/ptengine-cli) a...详细分析 ▾
✓ 用途与能力
The skill's name/description (Ptengine heatmap analysis) aligns with what it asks for: it depends on ptengine-cli, references ptengine API fields, and includes comprehensive analysis rules. No unrelated credentials, binaries, or config paths are requested.
✓ 指令范围
SKILL.md confines all data sources to ptengine-cli, explicitly forbids scraping or browser automation, and instructs the agent to ask the user when block content is missing. The instructions reference only the ptengine-cli config path (~/.config/ptengine-cli/config.yaml) and ptengine-cli commands.
ℹ 安装机制
install.sh downloads an upstream install script from raw.githubusercontent.com at a pinned commit and verifies its SHA256 before executing — this is a reasonable mitigation. Note: the installer will execute code from the upstream project's script (itself), which may install binaries into PATH; users should review the upstream project or checksum if they require extra assurance.
✓ 凭证需求
The skill requires no environment variables or external credentials in its metadata. At runtime it legitimately asks the user to provide a Ptengine API key/profile via ptengine-cli config when needed; no unrelated secrets are requested.
✓ 持久化与权限
always is false and the skill does not request system-wide configuration beyond the ptengine-cli config file it legitimately reads. It does not modify other skills or require elevated/always-on privileges.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/20
Initial self-contained release of Ptengine Heatmap Analysis skill - Fetches and analyzes real Ptengine heatmap data using ptengine-cli; no external scraping. - Supports five analysis types: single page, segment comparison, A/B test validation, ad performance, and audience analysis. - Encodes CRO methodology: each block is classified by a 4-stage psychology model, with mapping rules provided for page types and block categories. - All data transformations, metric parsing rules, and evidence policies are included; only ptengine-cli data is considered authoritative. - Step-by-step workflow guides parameter setup, ptengine-cli checks and config, data fetching, and structured result presentation.
● 无害
安装命令
点击复制官方npx clawhub@latest install pte-heatmap-analyze
镜像加速npx clawhub@latest install pte-heatmap-analyze --registry https://cn.longxiaskill.com