Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

jisuai-balance

v1.0.0

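Queries the 极速AI account balance and remaining call count; automatically reads the configuration and returns the account balance and remaining-call information.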

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for outrice/jisuai-balance.

Install the skill "jisuai-balance" (outrice/jisuai-balance) from ClawHub.
Skill page: https://clawhub.ai/outrice/jisuai-balance
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install jisuai-balance

ClawHub CLI

npx clawhub@latest install jisuai-balance

Security Scan

VirusTotal: Suspicious

OpenClaw: Benign (high confidence)

Purpose & Capability
Name/description match behavior: the skill reads ~/.openclaw/openclaw.json to obtain an API key and queries the Jisui (极速AI / aicodee) balance endpoint. The required actions align with the declared purpose; no unrelated credentials, binaries, or system resources are requested.
Instruction Scope
The SKILL.md and the script both instruct the agent to read ~/.openclaw/openclaw.json to obtain the API key and then call the provider balance API. This is within scope for a balance-check skill, but the script also supports an undocumented alternate config location (skills.entries.jisuai.api_key) in addition to the documented models.providers lookup — that mismatch is minor but worth noting. Important: the HTTP GET uses the API key in the URL query string, which may expose the key in transit, logs, or Referer headers.
Install Mechanism
No install spec is provided (instruction-only with a small included script). Nothing is downloaded or written to disk by an installer. The only code is the provided script which will be executed to perform the query.
Credentials
The skill requests no environment variables or external credentials beyond reading the user's OpenClaw config file for the API key, which is necessary for the stated function. The file access is proportional to the task, but it does access a local config containing secrets (API key).
Persistence & Privilege
always is false and the skill does not request permanent platform-level privileges. It only reads the user's OpenClaw config file and does not modify other skills or system-wide settings.
Assessment
This skill appears to do what it says: it will read ~/.openclaw/openclaw.json to find your 极速AI/aicodee API key (it also looks for a skills.entries.jisuai.api_key variant), then call the provider's balance endpoint and return total/num. Before installing, consider:

1) The balance API is invoked over plain HTTP and the API key is passed in the URL query string; that can expose the key in transit, in network logs, or via Referer headers. Prefer a skill that uses HTTPS or a POST body for keys.
2) The script will read your OpenClaw config file; ensure that file contains only expected secrets and that you trust the domain v2api.aicodee.com / v2.aicodee.com.
3) If you are concerned, rotate the API key after testing, or modify the script to use HTTPS and send the key in a safer way.
4) The SKILL.md and script are mostly consistent, but the script's extra lookup path (skills.entries.jisuai.api_key) is undocumented; verify where your key is stored.

If you trust the provider and accept the transport risk, the skill is coherent and functional; otherwise avoid installing or request a secure-transport update (HTTPS).

Like a lobster shell, security has layers — review code before you run it.

latest vk9700yn3pfq5c1gtpv729bcc8x83djmf
300 downloads
0 stars
1 versions
Updated 1mo ago
v1.0.0
MIT-0

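极速AI Balance Query

Trigger phrases

  • "查询极速AI余额" (query the 极速AI balance)
  • "查询极速AI余额次数" (query the 极速AI balance and call count)
  • "极速AI还剩多少次" (how many 极速AI calls are left)
  • "极速AI余额" (极速AI balance)

Automatic configuration loading

The skill automatically reads the 极速AI API key from ~/.openclaw/openclaw.json:

  • Finds the entry in models.providers whose baseUrl is https://v2.aicodee.com
  • Reads the corresponding apiKey

No additional configuration is required from the customer (if the 极速AI API key has already been configured).

API call

  • Balance query URL: http://v2api.aicodee.com/chaxun/balance?key={api_key}
  • The API key is read automatically from the OpenClaw configuration

Returned JSON format: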

{
  "success": true,
  "total": 100.00,
  "num": 1000
}

  • total: account balance (USD)
  • num: remaining calls
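
The two points the scan raises about this lookup and call (plain HTTP with the key in the query string, and the undocumented second key location) can be checked before running the skill. The following is an added example, not code from the skill or from ClawHub; the function names, the set of secret-looking parameter names and the assumed shape of models.providers are assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumption: query parameter names treated as credential-bearing.
SECRET_PARAMS = {"key", "api_key", "apikey", "token", "access_token"}
PROVIDER_BASE_URL = "https://v2.aicodee.com"  # baseUrl named in the SKILL.md


def audit_url(url):
    """Return transport findings for a URL or URL template."""
    parts = urlsplit(url)
    findings = []
    if parts.scheme.lower() != "https":
        findings.append("plaintext-transport")
    for name, _ in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SECRET_PARAMS:
            findings.append("secret-in-query:" + name)
    return findings


def key_locations(config):
    """List the config paths that would supply the API key.

    Covers the documented models.providers lookup and the
    skills.entries.jisuai.api_key path the scan reports as undocumented.
    Assumption: providers is a name->object map or a list of objects.
    """
    found = []
    providers = config.get("models", {}).get("providers", {})
    items = providers.items() if isinstance(providers, dict) else enumerate(providers)
    for name, entry in items:
        if not isinstance(entry, dict) or not entry.get("apiKey"):
            continue
        if entry.get("baseUrl", "").rstrip("/") == PROVIDER_BASE_URL:
            found.append("models.providers.%s.apiKey" % name)
    entry = config.get("skills", {}).get("entries", {}).get("jisuai", {})
    if isinstance(entry, dict) and entry.get("api_key"):
        found.append("skills.entries.jisuai.api_key")
    return found


# Constructed sample config; the key values are placeholders, not real keys.
SAMPLE_CONFIG = {
    "models": {"providers": {"jisuai": {"baseUrl": "https://v2.aicodee.com",
                                        "apiKey": "sk-constructed-0000"}}},
    "skills": {"entries": {"jisuai": {"api_key": "sk-constructed-1111"}}},
}

if __name__ == "__main__":
    print(audit_url("http://v2api.aicodee.com/chaxun/balance?key={api_key}"))
    print(key_locations(SAMPLE_CONFIG))
```

key_locations reports only the paths, never the key values, so its output can be pasted into a review note.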

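How to run

Run scripts/check_balance.py

Response format

Reply according to what the user asked:

  • Balance asked → 您的账户余额为:${total} (Your account balance is: ${total})
  • Call count asked → 您剩余次数:{num}次 (Your remaining calls: {num})
  • Both asked → 您的账户余额为:${total},剩余次数:{num}次 (Your account balance is: ${total}, remaining calls: {num})

Error handling

  • success: false → display the error text from message
  • API call fails → 查询余额失败,请稍后重试 (Balance query failed, please try again later)
  • Not configured → 未配置极速AI API Key,请在 OpenClaw 配置中添加 (极速AI API key not configured; add it in the OpenClaw configuration)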
