One API Calling GenAI

Audited by ClawScan on May 1, 2026.

Overview

This skill looks like a normal instruction-only wrapper for a GenAI CLI, but users should verify the external package, protect their API keys, and review the URL-download and MCP settings before use.

Before using this skill, verify the genai-calling package, prefer a pinned/isolated install, use limited provider API keys with spending controls, keep .env files private, and do not enable public MCP or private URL-download settings unless you understand and need them.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user or agent may run code fetched from a package registry; a compromised or unexpected package could affect prompts, files passed to the CLI, or provider credentials.

Why it was flagged

The skill relies on executing an external package that is not included in the provided artifacts. This is purpose-aligned for a CLI wrapper, but users should verify the package source/version before using it with credentials.

Skill content

uvx --from genai-calling genai --model openai:gpt-4o-mini --prompt "Hello" ... python -m pip install --upgrade genai-calling

Recommendation

Verify the package publisher and documentation, consider pinning a known-good version, and run it in an isolated environment before supplying API keys.

What this means

Misused or overbroad keys could incur provider costs or expose account access for services such as OpenAI, Google, Anthropic, Aliyun, Volcengine, or Tuzi.

Why it was flagged

The skill expects provider account credentials and suggests storing reusable keys in a user-wide env file. This is expected for the stated purpose but grants the CLI authority to use those provider accounts.

Skill content

Put reusable provider credentials in `~/.genai-calling/.env` ... OpenAI: `OPENAI_API_KEY` ... Google (Gemini): `GOOGLE_API_KEY` ... Anthropic (Claude): `ANTHROPIC_API_KEY`

Recommendation

Use least-privilege or project-specific keys where possible, set spending limits, protect env files from other users/processes, and revoke keys if they are exposed.

What this means

If the MCP service is exposed publicly or configured with weak tokens, other clients could use it and consume the user's configured provider access.

Why it was flagged

The skill documents MCP server settings, including optional public exposure and bearer-token rules. The default shown is localhost and authentication is documented, but exposing the MCP endpoint opens a path from other clients/agents to the provider credentials behind it.

Skill content

GENAI_CALLING_MCP_HOST=127.0.0.1 ... GENAI_CALLING_MCP_PUBLIC_BASE_URL= ... # GENAI_CALLING_MCP_BEARER_TOKEN= ... # GENAI_CALLING_MCP_TOKEN_RULES=token1: [openai google]

Recommendation

Keep MCP bound to localhost unless public access is necessary, require strong bearer tokens, narrow token rules to the minimum provider/model access needed, and avoid publishing the endpoint casually.

What this means

If private URL access is enabled, a mistaken or malicious prompt/workflow could cause the CLI to retrieve internal or local resources that the user did not intend to expose.

Why it was flagged

The runtime supports URL downloading and an option to allow private or loopback URLs. This is disclosed and appears optional, but enabling it could let workflows fetch local or internal-network resources.

Skill content

`GENAI_CALLING_URL_DOWNLOAD_MAX_BYTES` (default: `134217728`) ... `GENAI_CALLING_ALLOW_PRIVATE_URLS` (`1/true/yes` to allow private/loopback URL download)

Recommendation

Leave private/loopback URL downloading disabled unless explicitly needed, and review any URL-based inputs before sending them through provider workflows.