ClawHub

jina-deepsearch

v0.0.3

Jina DeepSearch API access via AIHubMix - use curl to call the HTTP API directly.

0· 352·1 current·1 all-time
by@ansatzx
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description say 'Jina DeepSearch via AIHubMix' and the SKILL.md issues a curl request to aihubmix.com with AIHUBMIX_API_KEY — the declared binary and env var match the stated purpose. Minor note: homepage is jina.ai while the actual API endpoint used is aihubmix.com; this is plausible (Jina model exposed via a third-party gateway) but worth verifying if you expect direct calls to jina.ai.
Instruction Scope
Runtime instructions are narrowly scoped: they show a single curl POST to https://aihubmix.com/v1/chat/completions and only reference AIHUBMIX_API_KEY and Content-Type. The instructions do not read local files, other env vars, or send data elsewhere.
Install Mechanism
There is no install spec and no code files; this is instruction-only and relies on curl being present. That minimizes on-disk risk.
Credentials
Only one required env var (AIHUBMIX_API_KEY) is requested, which is appropriate for making authenticated calls to AIHubMix. The key name indicates a secret — that is expected and proportional to the skill's function.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent or elevated privileges. Note: disable-model-invocation is false (normal default), so the agent could call it autonomously if allowed by policy.
Assessment
This skill simply runs curl against aihubmix.com using the AIHUBMIX_API_KEY you provide. Before installing: 1) Verify you trust AIHubMix (aihubmix.com) and are comfortable giving it the queries you send — it will receive your request text and any data you include. 2) Confirm whether Jina's model is actually being proxied by AIHubMix (the skill's homepage points to jina.ai while the API host is aihubmix.com). 3) Treat AIHUBMIX_API_KEY as a secret: do not paste it into public places, prefer a scoped or limited API key if available, and rotate/revoke keys you no longer use. 4) Because the skill makes outbound network calls, consider data privacy, cost, and rate limits for your account. Overall the skill appears coherent and low-risk, but verify the provider and key management before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bd7byz04gjvkrrxjat0enax8268c7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis
Binscurl
EnvAIHUBMIX_API_KEY

Comments