API-Station
v1.0.0伝富AI-API文档技能 - 快速查询和使用302+个AI接口,涵盖聊天、图像、视频、音频、Midjourney等多个类别
⭐ 0· 416·0 current·0 all-time
by@qb-chen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description claim a catalogue of AI endpoints (chat, image, video, TTS, etc.) and the SKILL.md provides concrete endpoints and examples covering those categories. The skill does not request unrelated credentials, binaries, or installs, which matches the stated purpose of being an API-invocation helper.
Instruction Scope
Runtime instructions are focused on calling the documented API endpoints. Sample code shows reading local image files and uploading them to a remote image proxy (imageproxy.zhongzhuan.chat) when generating video — this is coherent with the feature (image→video) but means the agent (or user code) will send local files to an external host. No instructions ask the agent to read unrelated system files or secrets.
Install Mechanism
There is no install spec and no code files; the skill is instruction-only, so nothing is written to disk and there is no package download risk.
Credentials
The skill declares no required environment variables or credentials. The SKILL.md uses an Authorization: Bearer sk-xxx pattern in examples (the user must supply an API token to call the service), which is proportional and expected for an API client. The skill does not request unrelated secrets or cross-service credentials.
Persistence & Privilege
The skill is not always-enabled and does not request elevated/persistent privileges. It does not attempt to modify other skills or system-wide configuration.
Assessment
This skill is essentially a documented client for a third‑party API. Before using it: (1) verify the legitimacy and reputation of the API hosts (https://api.winfull.cloud-ip.cc and https://imageproxy.zhongzhuan.chat); (2) only upload local files you are comfortable sharing—the instructions will send images to an external image proxy to get public URLs; (3) use least-privilege or expendable API keys (do not reuse high-privilege credentials); (4) prefer HTTPS endpoints and inspect responses before sharing downstream; and (5) if you need stronger guarantees, contact the API provider or test with non-sensitive data first.Like a lobster shell, security has layers — review code before you run it.
latestvk97533ycj751fxk1x65jaj6rxn81jv5d
License
MIT-0
Free to use, modify, and redistribute. No attribution required.