ClawHub

通过接口快速创建直播间

v1.0.3

This skill should be used when the user needs to create or configure a CC live streaming room via API, including room creation, authentication setup, and cre...

0· 138·0 current·0 all-time
by@elberren
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, the Python script, and reference docs all describe creating CC live streaming rooms via the CC API (https://api.csslcloud.net). No unrelated services, binaries, or credentials are requested.
Instruction Scope
SKILL.md limits behaviour tightly (explicit conversational steps and mandatory credential prompting). It also instructs never to persist credentials — a conservative rule. One operational note: the included script prints the request URL and response to stdout, which could expose metadata in agent logs; SKILL.md does not explicitly tell the agent to avoid logging those outputs.
Install Mechanism
No install spec or downloads. The skill is instruction-only with a bundled Python script; nothing is pulled from external/untrusted URLs during install.
Credentials
The skill asks the user for CC account userid and api_key at runtime and declares no environment variables or other secrets — this is proportionate. Considerations: the script hardcodes 'publisherpass' and 'assistantpass' to '123456' and uses authtype=2 (passwordless default), which are weak defaults the user should review.
Persistence & Privilege
always is false and the skill includes no code that writes persistent agent configuration. It does not request elevated platform privileges or modify other skills.
Assessment
This skill appears to do what it says: it asks you for your CC account ID and API key and uses them to call CC's room-create API. Before installing or using it: (1) Do not paste credentials into public or persistent chat—follow the SKILL.md instruction to provide them each run and avoid storing them. (2) Be aware the bundled script prints the request URL and response to stdout; those outputs may be captured in agent logs or conversation history, so avoid sharing logs that contain response details. (3) Consider changing the default passwords (publisherpass/assistantpass) and review the room's auth settings after creation (authtype=2 = passwordless by default). (4) If you need the agent to avoid logging entirely, confirm how your agent runtime handles stdout and conversation history. Overall the skill is internally consistent, but practice safe handling of the sensitive credentials it asks for.

Like a lobster shell, security has layers — review code before you run it.

latestvk973gh1tzvefgft59t00hryk2183r72j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments