ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AI/ML API LLM + Reasoning for OpenClaw

v1.0.1

Run AIMLAPI LLM and reasoning workflows through chat completions with retries, structured outputs, and explicit User-Agent headers. Use when Codex needs scripted prompting/reasoning calls against AIMLAPI models.

2· 1.2k·2 current·3 all-time
byAI/ML API@aimlapihello
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name, README, SKILL.md and scripts consistently implement AIMLAPI chat + reasoning calls and require only AIMLAPI_API_KEY. However, the package metadata is incomplete: source is 'unknown', homepage is missing, and the embedded _meta.json ownerId/version differ from the registry metadata — this reduces provenance/traceability but does not change the script's stated purpose.
Instruction Scope
SKILL.md and run_chat.py stay within scope: they build a /chat/completions payload, send it to api.aimlapi.com, and optionally write the response to a user-specified file. The script only reads AIMLAPI_API_KEY (env) or an --apikey-file if explicitly provided; it does not scan other system files or attempt to exfiltrate unrelated data.
Install Mechanism
There is no install spec (instruction-only with one helper script). Nothing is downloaded or executed automatically — lowest-risk install footprint.
Credentials
The only required credential is AIMLAPI_API_KEY (declared as primaryEnv), which is proportionate. One caveat: the optional --apikey-file flag will read any file path you supply, so users must avoid pointing it at unrelated secret/config files.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system configs, and does not persist credentials itself. It runs only when invoked.
Assessment
This skill appears to do exactly what it claims: a small helper to call AIMLAPI chat completions. Before installing/use: 1) verify the code if you can (source and homepage are missing and embedded metadata mismatches the registry), 2) only provide a dedicated AIMLAPI API key (use a least-privilege key and rotate if necessary), 3) avoid using --apikey-file with paths that contain other secrets, and 4) don't include private data in --extra-json since that is sent to the remote API. If you need stronger assurance, ask the publisher for a canonical homepage or repository and confirm the ownerId/version mismatch is intentional.

Like a lobster shell, security has layers — review code before you run it.

aiml apivk97cd1tqsg0y88n9v52fw2shg580yftblatestvk97e3w5f0rvys3xxadr2zq47e580y0h1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments