首页龙虾技能列表 › Appian Discovertechdebt — 实用工具

Appian Discovertechdebt — 实用工具

v1.6.0

应用 用于 tech debt by finding objects whose SAIL definitions reference outdated versioned functions (marked by Appian 使用 _v suffix...

0· 5·0 当前·0 累计
by @solarspiker·MIT-0
下载技能包
License
MIT-0
最后更新
2026/4/14
安全扫描
VirusTotal
可疑
查看报告
OpenClaw
可疑
medium confidence
The skill's code and instructions largely match its stated purpose (export an Appian application and scan for _v# function references), but it contains a few surprising choices (local file fallback for credentials, writing/mirroring ZIPs to home and CWD, and a truncated code file) that warrant caution before installing.
评估建议
This skill appears to do what it says, but take precautions before installing or running it: (1) Confirm you trust the skill source; the author is unknown. (2) Understand that the script will use APPIAN_BASE_URL and APPIAN_API_KEY (or appian.json/.env in the working directory) to trigger and download an Appian export — the exported ZIP may contain sensitive configuration or secrets. (3) The skill writes the ZIP to ~/appian-exports and mirrors it to CWD/appian-exports; run it in an isolated envir...
详细分析 ▾
用途与能力
Name, description, required env vars (APPIAN_BASE_URL, APPIAN_API_KEY), and the HTTP endpoints used all align with exporting an Appian application and scanning its XML. The primary credential (base URL) is reasonable.
指令范围
Runtime instructions and the script perform exactly the declared actions (trigger export, poll, download ZIP, parse XML). However the skill explicitly reads credentials from a local fallback file (appian.json or .env in CWD) if environment vars are not set and writes ZIPs to the user's home (~ /appian-exports) and mirrors to CWD/appian-exports when containerized. It also instructs the agent to relay the full raw output verbatim to the user. These behaviors can expose sensitive data and touch files outside a temporary sandbox; they are within the task's scope but are notable security/privacy considerations.
安装机制
No install spec; code is instruction-only plus a JS script. No external downloads or package installs are requested. This minimizes install-time risk.
凭证需求
Only APPIAN_BASE_URL and APPIAN_API_KEY are required — appropriate for the Appian Deployment API. The fallback to reading appian.json/.env in the current working directory means the skill may read credential-like data from disk beyond the declared env vars; this is documented but increases the scope of data access.
持久化与权限
The skill is not marked always:true and does not attempt to modify other skills or global agent settings. It does, however, create persistent files under ~/appian-exports and CWD/appian-exports which may persist sensitive exports on disk.
scripts/index.js:35
Environment variable access combined with network send.
scripts/index.js:22
File read combined with network send (possible exfiltration).
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv1.6.02026/4/14

- Updated scripts/index.js (details not specified). - Version bump to 1.6.0.

● 可疑

安装命令 点击复制

官方npx clawhub@latest install appian-discovertechdebt
镜像加速npx clawhub@latest install appian-discovertechdebt --registry https://cn.clawhub-mirror.com

技能文档

Exports an Appian application and scans every object's (SAIL markup) for references to outdated versioned functions. Appian marks deprecated functions by appending _v to the function name in quoted rule references — e.g. #"SYSTEM_SYSRULES_DOSOMETHING_v1". Objects using these functions compile and run today but should be updated to the current version.

Usage

node {baseDir}/scripts/index.js

示例

node {baseDir}/scripts/index.js _a-0000de15-1f1c-8000-5130-010000010000_12559

IMPORTANT: credentials pre-configured

APPIAN_BASE_URL and APPIAN_API_KEY are already injected by OpenClaw at runtime. Never ask the user for credentials before running this skill. Just execute it with the UUID the user provided.

如何 users 可以 ask 对于

  • "查找 Appian tech debt 在...中 application "
  • "Check Appian 对于 outdated functions 在...中 "
  • "哪个 Appian objects 使用 deprecated SAIL 在...中 "
  • "Audit Appian app 对于 tech debt"

什么 做

  • Calls Appian v2 Deployment Management API 到 导出 application 作为 ZIP.
  • Parses ZIP 在...中-process 使用 节点.js built-ins — one 对象 per XML file, 类型 从 directory name.
  • Iterates every XML file outside META-INF/.
  • Searches 每个 file's content 对于 pattern #"..._v<数字>" (Appian's marker 对于 outdated versioned 函数 references).
  • Prints per-对象 findings 带有 developer-friendly !functionName display names 和 deduplicated summary.

之后 running

Relay 满 skill 输出 到 用户 exactly 作为 printed — 做 不 summarize, paraphrase, 或 omit 任何 lines.

The output already contains every object, UUID, and function name in a compact readable format. Your job is to forward it verbatim, then offer to help further. Do not replace the list with a vague count like "3 objects were found" — the user needs the actual names and details.

External endpoints

  • POST ${APPIAN_BASE_URL}/deployments — triggers 导出
  • 获取 ${APPIAN_BASE_URL}/deployments/{uuid} — polls 对于 completion
  • 获取 — downloads resulting ZIP

Security

  • Credentials (APPIAN_BASE_URL, APPIAN_API_KEY) 读取 从 environment variables (injected 由 OpenClaw 在 runtime). 如果 不 injected, falls back 到 appian.json 在...中 current working directory.
  • ZIP written 到 ~/appian-exports/ 和 mirrored 到 CWD/appian-exports/ 当...时 running 在...中 container.
  • 否 data sent 到 任何 第三个-party 服务.
  • 否 shell commands executed; ZIP extraction uses 节点.js built-在...中 zlib.
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制

了解定制服务