DeepSeep Intergration
v1.0.0
Integrates DeepSeek API with agents for code generation, problem solving, and analysis using configurable API endpoints.
⭐ 0· 996·11 current·11 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description claim a DeepSeek API integration, but the included tool implementation is a stub that does not call any network endpoint or use an API key. SKILL.md asks users to set DEEPSEEK_API_KEY, yet the skill manifest lists no required env vars and the code never reads any environment variables—this is an incoherent/unfinished implementation.
Instruction Scope
SKILL.md gives high-level usage (code generation, analysis) and instructs setting DEEPSEEK_API_KEY, but provides no concrete runtime instructions or endpoints. The instructions are vague and grant the agent broad discretion to 'use' DeepSeek without defined calls. Currently the runtime instructions do not match the actual tool behavior (the tool merely echoes prompts).
Install Mechanism
No install spec is provided and the skill is instruction+small node tool only. Nothing will be downloaded or extracted during install, which keeps install risk low.
Credentials
SKILL.md requests DEEPSEEK_API_KEY, but requires.env is empty and the JS tool does not read any credentials. Requiring an API key in docs without declaring it or using it in code is inconsistent and could mislead users into providing secrets unnecessarily.
Persistence & Privilege
The skill does not request always:true and contains no code to modify other skills or system configuration. It appears to have standard, limited privilege if installed.
What to consider before installing
This package appears incomplete and inconsistent rather than actively malicious. Before installing or providing secrets: (1) ask the author for a clear implementation timeline or source of the DeepSeek API calls; (2) do not set or share DEEPSEEK_API_KEY with this skill until the code actually uses it and you can verify the endpoint; (3) review any future code changes to ensure network calls go to an expected, documented DeepSeek endpoint (not a third-party URL); and (4) prefer testing in a sandboxed environment. If you need a working DeepSeek integration now, request an update that shows concrete network logic and a declared required env var in the manifest.
Like a lobster shell, security has layers — review code before you run it.
