万能祝福语生成器 (Universal Blessing Message Generator)

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is mostly a normal blessing-text generator, but its script can use existing API keys and may send an OpenAI key to DeepSeek by default.

Use this skill only if you are comfortable sending the blessing prompt details to an external LLM provider. Before running it, explicitly set the intended provider key and matching API_BASE, and avoid running it in an environment where unrelated OPENAI_API_KEY credentials are present.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user’s unrelated OpenAI API key could be exposed to or used with the wrong provider, creating account and billing risk.

Why it was flagged

The script prioritizes OPENAI_API_KEY but defaults the API endpoint to DeepSeek, so an existing OpenAI key could be sent as a Bearer token to DeepSeek unless the user explicitly changes the environment.

Skill content

API_KEY = os.environ.get("OPENAI_API_KEY") or os.environ.get("DEEPSEEK_API_KEY", "")
API_BASE = os.environ.get("OPENAI_API_BASE", "https://api.deepseek.com")
...
headers={"Content-Type": "application/json", "Authorization": f"Bearer {API_KEY}"}

Recommendation

Only run with the intended provider key set, ensure API_BASE matches the key being used, and update the skill to pair provider-specific keys with provider-specific endpoints.

What this means

Personal relationship details or sensitive recent events entered for personalization may be shared with the configured LLM provider.

Why it was flagged

User-provided recipient details and recent-status context are included in the LLM prompt and sent to the configured external API endpoint.

Skill content

recent_hint = f"\n对方近况:{recent}(请在祝福中融入这些信息,使祝福更个性化)" if recent else ""
...
req = urllib.request.Request(f"{API_BASE}/chat/completions", data=payload,

Recommendation

Avoid entering highly sensitive personal information, and verify the API_BASE/provider before use.

What this means

The platform may not warn users that the skill needs an external LLM credential and network call.

Why it was flagged

The registry metadata does not declare the API-key credential dependency that is documented in README.md and used by the script.

Skill content

Required env vars: none
Env var declarations: none
Primary credential: none

Recommendation

Declare the required/optional API key environment variables and external provider capability in metadata.

What this means

Using the skill runs local code, though the provided code is simple and scoped to generating text through an LLM API.

Why it was flagged

The skill invokes a bundled local Python script. This execution is directly tied to the stated blessing-generation purpose and no unrelated shell behavior is shown.

Skill content

exec: python3 SKILL_DIR/scripts/generate_blessing.py \
  --festival "妇女节" \
  --target "妈妈"

Recommendation

Review the script before use and run it only in an environment with the intended API credentials available.