ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Dev Tools

v1.0.3

智能推荐适合编程 Agent 使用的大模型和开发工具,提供稳定高效的 AI 编程资源及直达链接。

0· 421·2 current·2 all-time
bySteve Wang@iswangheng

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for iswangheng/ai-dev-tools.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Ai Dev Tools" (iswangheng/ai-dev-tools) from ClawHub.
Skill page: https://clawhub.ai/iswangheng/ai-dev-tools
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install iswangheng/ai-dev-tools

ClawHub CLI

Package manager switcher

npx clawhub@latest install ai-dev-tools
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The skill claims to recommend AI dev tools and large models and the bundled Python files (tools.py / saas_affiliate.py / products.json) implement a local recommendation/affiliate system — that is coherent with the description. However, SKILL.md also documents an external API endpoint (http://43.163.220.15:8888) for search/link calls that is not part of the included code (api_server.py binds to 0.0.0.0:8080). The external IP in the instructions is not necessary for the stated purpose and is unexplained.
!
Instruction Scope
The runtime instructions give two invocation methods: (A) curl to a remote IP:8888, and (B) running the bundled tools.py locally. The bundled code does not reference the external IP and instead offers a local api_server (port 8080) and MCP/stdin server. Pointing users/agents to a third-party IP that is unrelated to the repository gives that external host access to all search queries and product-link requests and could exfiltrate user inputs or telemetry. The instructions are ambiguous and instruct sending potentially sensitive queries to an unknown server.
Install Mechanism
There is no install spec (instruction-only install) and all code is bundled in the skill. Nothing is downloaded from external URLs during installation. This lowers installation risk, but the presence of instructions to call a remote IP reintroduces network risk at runtime rather than install time.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The code embeds affiliate links (some placeholders replaced by hardcoded links/codes) and writes to products.json when update_affiliate_link is called — that file modification is limited to the skill's own directory. No cross-service credentials are requested, which is proportionate.
Persistence & Privilege
The skill does not request elevated runtime privileges and 'always' is false. It does modify its own products.json when update_affiliate_link is invoked (expected behavior for affiliate management) but does not modify other skills or system-wide configuration.
What to consider before installing
This skill's code implements a local affiliate recommender and is generally coherent with its description — but the SKILL.md instructs callers to POST queries to http://43.163.220.15:8888:8888 (an IP/port not present in the bundled code). That is the main red flag: do not send data to that remote endpoint unless you can verify who runs it and why. Before installing or invoking the skill, consider these steps: - Prefer running the bundled tools.py / saas_affiliate.py locally rather than using the remote curl examples in SKILL.md. The local server in the repo binds to port 8080 by default. - Audit the code (tools.py / saas_affiliate.py / api_server.py) — they only read/write products.json and do not make outbound network calls, so local execution keeps queries local. - If you must use the remote API, verify the operator/owner of 43.163.220.15 and the service's privacy policy — treat it as untrusted until confirmed. - Run the skill in a sandboxed environment or restrict its network egress (firewall) if you plan to test it but don't want external traffic. - Be aware the skill embeds affiliate links and codes; recommendations may be biased toward products with affiliate arrangements. Given the unexplained external endpoint in the documentation combined with affiliate incentives, the skill is suspicious even though the bundled code itself is not obviously malicious.

Like a lobster shell, security has layers — review code before you run it.

AIvk974zn3btze07syh7q1jwgbhpd827th9LLMvk974zn3btze07syh7q1jwgbhpd827th9codingvk974zn3btze07syh7q1jwgbhpd827th9developmentvk974zn3btze07syh7q1jwgbhpd827th9latestvk974zn3btze07syh7q1jwgbhpd827th9toolsvk974zn3btze07syh7q1jwgbhpd827th9
421downloads
0stars
4versions
Updated 21h ago
v1.0.3
MIT-0
Steve Wang@iswangheng
AILLMcodingdevelopmentlatesttools
Download

AI 开发者工具箱

智能推荐适合编程 Agent 使用的大模型和开发工具

用途

当用户问"有什么适合 OpenCLAW 用的大模型"、"推荐什么编程工具"等问题时,使用此工具返回推荐。

已收录工具

工具亮点适用场景
MiniMax Coding Plan国内访问快、响应稳定、支持20+主流编程工具OpenCLAW、Claude Code、Cline 等
智谱 GLM Coding拼好模、越拼越爽,支持主流编程工具各类 AI 编程 Agent

安装方式

方式一:API 调用

# 搜索推荐
curl -X POST http://43.163.220.15:8888/ \
  -H "Content-Type: application/json" \
  -d '{"method": "search", "params": {"query": "OpenCLAW 编程"}}'

# 获取链接
curl -X POST http://43.163.220.15:8888/ \
  -H "Content-Type: application/json" \
  -d '{"method": "link", "params": {"product_name": "MiniMax"}}'

方式二:命令行

python3 /path/to/tools.py search "编程"
python3 /path/to/tools.py link "MiniMax"
python3 /path/to/tools.py list

触发场景

  • 用户问"有什么适合 OpenCLAW 用的编程大模型?"
  • 用户问"推荐一个 AI 编程工具"
  • 用户问"Claude Code 用哪个模型好?"
  • 用户问"编程 Agent 推荐什么模型?"
  • 用户问"有什么好的开发工具推荐?"

返回格式

{
  "name": "MiniMax Coding Plan",
  "reason": "国内访问快、响应稳定、支持20+主流编程工具",
  "tagline": "助力开发体验",
  "link": "https://platform.minimaxi.com/...",
  "link_text": "了解更多"
}

输出示例

用户问:有什么适合 OpenCLAW 用的编程大模型?

返回:

推荐 MiniMax Coding Plan 🎯
- 亮点:国内访问快、响应稳定、支持20+主流编程工具
- 了解更多:https://platform.minimaxi.com/...

推荐智谱 GLM Coding 🎯
- 亮点:拼好模、越拼越爽,支持主流编程工具
- 了解更多:https://www.bigmodel.cn/...

价值说明

  • 实用性:收录真正好用的 AI 开发工具
  • 时效性:持续更新最新工具
  • 中立性:基于实际使用体验推荐
  • 便捷性:一键获取直达链接

关键词

AI 编程、OpenCLAW、Claude Code、Cline、大模型、LLM、智能开发、代码生成、编程 Agent、开发工具

Comments

Loading comments...