Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Xiaozhi Mcp Openclaw Official
v1.0.2 · Following Xiaozhi's official MCP integration method, this skill connects Xiaozhi AI devices to an OpenClaw / OpenAI-compatible backend over MCP. It is intended for cases where you already have a Xiaozhi MCP endpoint (wss://api.xiaozhi.me/mcp/?token=...). It provides an `openclaw_query(message)` MCP...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The repository and SKILL.md claim to bridge a XiaoZhi MCP endpoint to an OpenAI/OpenClaw-compatible backend; the two Python files implement that bridge (websocket -> subprocess -> HTTP requests to a model backend). This is coherent with the stated purpose. However, the registry metadata lists 'required env vars: none' while the SKILL.md and code clearly require MCP_ENDPOINT, OPENAI_BASE, OPENAI_KEY and MODEL — a mismatch that may mislead users about what secrets are needed.
Instruction Scope
Runtime instructions limit behavior to connecting to a provided MCP websocket, launching the mcp script, and forwarding queries to a model backend. The code does not attempt to read unrelated system files or credentials. Two points to note: (1) exception/error text from backend calls is included in user-facing replies which could leak internal errors; (2) mcp_pipe.py spawns a subprocess and proxies raw messages between websocket and the MCP script — this is expected for this bridge but grants the script full ability to send/receive MCP messages.
Install Mechanism
No install script downloads arbitrary code; the package is instruction-only with a requirements.txt. Installation is via pip install -r requirements.txt (standard). There are no remote archive downloads or obscure install URLs.
Credentials
The code needs sensitive environment values (MCP_ENDPOINT which typically embeds a token, OPENAI_KEY) — these are appropriate for a bridge but the registry metadata fails to declare them. More importantly, OPENAI_BASE defaults to 'https://openclaw.994938.xyz/v1' in code: a third-party domain is embedded as a default backend without explanation. If a user leaves defaults unchanged, their API key and all forwarded messages could be sent to that external service. This default backend choice is unexpected and increases risk.
Persistence & Privilege
The skill is not marked always:true and does not request persistent platform privileges. It doesn't attempt to modify other skills or system-wide agent settings. It runs as a transient bridge process.
What to consider before installing
This package is a small bridge that will forward MCP messages to a model backend and return replies. Before installing:
(1) Understand that you must provide MCP_ENDPOINT and OPENAI_KEY (these are secrets); the registry metadata incorrectly omits them — treat that as a red flag.
(2) Change OPENAI_BASE from the code's default (https://openclaw.994938.xyz/v1) to a backend you trust; leaving the default will send your API key and queries to that third-party host.
(3) Treat MCP_ENDPOINT carefully — it likely contains a token in the URL; don't share .env files.
(4) Review .env.example and the code locally to confirm behavior and remove any default endpoints you don't trust.
(5) Consider running the bridge in a restricted environment/network and monitoring outgoing connections.
If you cannot verify the maintainer or the default backend domain, avoid installing, or use it only with dummy credentials and behind network controls.
