60s API 综合技能
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill appears benign, but it sends requested lookup terms to the 60s API and may save downloaded media files when asked.
Install only if you are comfortable with the agent making requests to 60s.viki.moe or its backup domains. Do not submit confidential text, secrets, or real passwords to utility endpoints, and review file downloads before letting the agent save them.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When invoked for certain lookups, the agent may make outbound API requests and may save images or audio files in the working directory.
The skill relies on shell curl commands and includes examples that write downloaded media files locally. This is disclosed and aligned with fetching API data, but users should notice the network/file-write behavior.
免费无需认证,所有接口通过 `curl` 调用 ... curl -sL "https://60s.viki.moe/v2/changya" -o song.mp3
Use it for intended lookups, review before downloading files, and avoid overwriting important local filenames.
The external API service and any configured backup domain may receive the user’s query terms and the request’s network metadata.
The skill sends user lookup inputs, such as city names, search keywords, translation text, or IP-query requests, to an external API provider. This is expected for the service but has privacy implications.
api_base: https://60s.viki.moe/v2 ... curl -s "https://60s.viki.moe/v2/weather?query=深圳" ... curl -s "https://60s.viki.moe/v2/ip"
Avoid using this skill with confidential text, secrets, real passwords, or sensitive personal identifiers; prefer the documented primary API domain when possible.