AI写真助手
PassAudited by VirusTotal on May 6, 2026.
Overview
Type: OpenClaw Skill Name: ai-photo-assistant Version: 1.0.0 The AI Photo Assistant skill is a straightforward implementation of a customer service bot for an AI photography service. It retrieves a DeepSeek API key from environment variables or the local OpenClaw configuration file (~/.openclaw/openclaw.json) to interact with the official DeepSeek API. The code in assistant.js is transparent, lacks obfuscation, and directs users to a Punycode domain (www.xn--ehqw44a690c.com, which translates to '小龙虾') that is consistent with the service's branding.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may consume the user's DeepSeek account quota or billing credits.
The helper uses a DeepSeek API key from the environment or local OpenClaw provider config. This is consistent with DeepSeek-powered replies, but it can use the user's provider credential and API quota.
let KEY = process.env.DEEPSEEK_API_KEY || ''; ... readFileSync(path.join(process.env.HOME,'.openclaw/openclaw.json'),'utf8')); KEY = KEY || c.models?.providers?.deepseek?.apiKey || '';
Only use it if you are comfortable with the skill using your DeepSeek key; the publisher should declare this credential requirement clearly.
Questions or text provided to the helper may be transmitted to DeepSeek.
User prompts are sent to DeepSeek's chat completion API. This external provider use is aligned with the stated DeepSeek AI reply feature.
messages:[{role:'system',content:'你是AI写真馆的小龙虾客服...'}, {role:'user',content:prompt}] ... https.request({hostname:'api.deepseek.com',path:'/v1/chat/completions'Avoid entering private or sensitive information unless you are comfortable sharing it with the DeepSeek provider.