Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description ('query internal AI models') matches the SKILL.md and index.js which perform a GET to an AI model-list endpoint. There are no unrelated required binaries, env vars, or config paths.
Instruction Scope
SKILL.md explicitly instructs calling https://cwork-api-test.xgjktech.com.cn/filegpt/t_ai/nologin/aiTypeList. index.js implements a single axios GET to that URL and does not read local files, env vars, or other system state.
Install Mechanism
There is no install spec (instruction-only), but repository includes package.json/package-lock.json listing axios. This is proportional to the task (HTTP request). No arbitrary downloads or extracted archives are present. Runtime may install npm deps, which is expected but worth noting.
Credentials
The skill requests no credentials or config. However it calls an external host (cwork-api-test.xgjktech.com.cn). Although the path includes 'nologin' (no auth), users should verify that the endpoint is a trusted corporate API before allowing calls from the agent, since outbound requests reveal the agent's network traffic and may include headers or metadata.
Persistence & Privilege
The skill does not request permanent presence (always:false), does not modify other skills or system settings, and has normal agent-invocation settings.
Assessment
This skill is coherent and simple: it issues a single unauthenticated GET to a specified API to return available models. Before installing, confirm the endpoint domain (cwork-api-test.xgjktech.com.cn) is legitimate and permitted by your org. Even unauthenticated GETs can leak information (request metadata, IP, headers), so consider running it in an environment with approved outbound network rules. If you prefer, ask the skill author for an official corporate endpoint or documentation and confirm there are no hidden endpoints or requirements. Finally, note the package depends on axios (npm) — ensure your runtime will install dependencies from trusted registries.Like a lobster shell, security has layers — review code before you run it.
latestvk97833x57aaqqpp42ceh0a8rxd83wzx7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.