📦 express-monitor — express-monitor工具
v1.0.0快递监控Skill - 查询快递物流、绑定手机号自动获取快递、同步到飞书
0· 188·0 当前·0 累计
by 安全扫描
OpenClaw
可疑
high confidenceThe skill's description promises phone-based auto-fetching, Feishu sync, and encrypted phone storage, but the included code does not implement those features and stores phone numbers in plaintext — this mismatch is concerning.
评估建议
This skill's description over-promises: it mentions encrypted phone storage, automatic retrieval by bound phone, and syncing to Feishu, but the shipped Python implements only manual tracking queries, phone binding stored as plain JSON, and no Feishu integration. If you need the advertised features, ask the author for a corrected version or inspect and modify the code yourself (e.g., add encryption for PHONE_FILE, implement Feishu webhook/token handling, and implement phone-based retrieval using ...详细分析 ▾
⚠ 用途与能力
The SKILL.md and description advertise: automatic retrieval of parcels by bound phone, synchronization to Feishu (飞书), scheduled reports, and encrypted storage of phone bindings. The Python code only implements single-tracking-number queries, binding phone numbers to a local JSON file, listing, and a placeholder 'check' that explicitly says phone-based checks would need a 快递鸟 API and isn't implemented. Feishu sync and scheduled reporting are absent. The advertised capabilities do not match the actual implementation.
⚠ 指令范围
Instructions and SKILL.md claim encrypted phone storage and auto-fetching by bound phone; runtime code writes phone numbers and history as plain JSON under ~/.openclaw/workspace/data/express and does not perform phone-based network lookups or push messages to Feishu. The code contacts kuaidi100.com endpoints for tracking queries (consistent with query purpose) but there is a clear scope gap between instructions and what the agent would actually do.
✓ 安装机制
No install spec; skill is instruction/code-only. There is no network download/install step beyond normal runtime. The code depends on the Python 'requests' package but the registry metadata does not declare dependencies — this is operationally inconvenient but not a high install risk.
ℹ 凭证需求
The skill requests no environment variables and the code does not read secrets or other env vars. However, SKILL.md claims Feishu synchronization and would normally require a webhook/token environment variable; those are not present. That discrepancy reduces trust in the metadata/instructions.
✓ 持久化与权限
The skill writes files under the user's home (~/.openclaw/workspace/data/express) which matches SKILL.md. It does not request elevated privileges, always:true, or modify other skill configs. Writing user data to a local directory is expected for this kind of tool.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/15
express-monitor v1.0.0 - 首次发布,提供快递物流信息查询与提醒 - 支持通过快递单号或已绑定手机号获取快递信息 - 可统计快递状态(运输中、已签收等) - 自动同步和定时汇报新快递 - 支持主流快递公司(顺丰、圆通、中通等) - 数据本地存储,手机号加密保存
● 无害
安装命令
点击复制官方npx clawhub@latest install express-monitor
镜像加速npx clawhub@latest install express-monitor --registry https://cn.longxiaskill.com
技能文档
能力概述
本Skill用于查询快递物流信息,支持:
- 快递单号查询物流轨迹
- 绑定手机号自动获取待收快递
- 快递状态统计(运输中、已签收等)
- 定时汇报新快递
使用方法
1. 查询快递单号
查询快递 1234567890
2. 绑定手机号
绑定快递手机号 13800138000
3. 查看待收快递
查看我的快递
4. 快递统计
快递统计
数据存储
- 快递记录保存在
~/.openclaw/workspace/data/express/目录 - 手机号绑定信息单独加密存储
- 支持历史快递查询
支持的快递公司
顺丰、圆通、中通、韵达、申通、极兔、邮政、京东、德邦等主流快递公司
注意事项
- 爬虫方式可能被限制,建议使用官方API
- 手机号查询可能有延迟
- 大量查询请申请快递鸟API 键