Wolai API 技能
PassAudited by ClawScan on May 10, 2026.
Overview
This is a coherent Wolai API helper, but it relies on a permanent read/write Wolai token, so users should scope permissions carefully and protect the token.
Install only if you want the assistant to operate Wolai through your app token. Create a dedicated Wolai app with least privilege, add it only to the pages/databases you intend to manage, store the token securely, and review any write/update request before it runs.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent action using this token could read or modify Wolai pages/databases within the app's granted permissions.
The skill requires a permanent Wolai app token with read and write capabilities. This is expected for a Wolai API skill, but it is high-impact account authority.
WOLAI_TOKEN: description: "wolai App Token(永久有效,expire_time: -1)..." required: true ... "读取页面内容" / "插入页面内容" / "更新页面内容"
Use a dedicated Wolai app, grant only the minimum needed permissions, add the app only to intended pages, store the token in a secret/environment variable rather than ordinary chat, and rotate it if exposed.
A mistaken or overly broad request could insert or update content in the wrong Wolai page or database.
The documented PowerShell helper accepts arbitrary API method/path/body values under the Wolai API base URL and includes content/database write workflows. This is central to the stated purpose, but it can mutate user content.
function Invoke-WolaiApi { param([string]$Method = "GET", [string]$Path, [hashtable]$Body = $null...) } ... "向页面写入/追加内容" ... "向数据库插入行"Confirm write operations before running them, verify page/database IDs, keep batches small, and prefer read-only checks before making changes.
Users may be unsure exactly which skill version or documentation revision they are installing.
The provided _meta.json version differs from the registry version 1.0.7 and the SKILL.md frontmatter version 1.0.6. This is not evidence of malicious behavior, but it makes release provenance less clear.
"version": "1.0.5"
Verify the package/repository source and intended version before relying on the skill for important Wolai updates.