API-Station
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: ai-api-transit-station Version: 1.0.0 The skill bundle is designed to provide an AI agent with the ability to interact with the 伝富AI-API platform for various AI capabilities (chat, image, video, audio, etc.). The `SKILL.md` file serves as documentation, providing API endpoints, authentication methods, and Python/curl code examples. While the skill demonstrates the capability to read local files (e.g., `reference_image.jpg`, `audio.mp3`) and upload them to external services (`imageproxy.zhongzhuan.chat`, `api.winfull.cloud-ip.cc`), this functionality is directly tied to the stated purpose of the AI APIs (e.g., image-to-video, audio transcription). There is no evidence of intentional malicious behavior, such as data exfiltration of sensitive system files, unauthorized command execution, persistence mechanisms, or deceptive prompt injection attempts against the agent. The instructions are clear and align with the skill's stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may help make many kinds of API calls through the third-party platform, which could use quota, incur costs, or send user-provided content externally.
The skill intentionally enables broad third-party API invocation. This is aligned with its purpose, but the large API surface can create cost, quota, or unintended-call risk if not kept user-directed.
本技能帮助你调用伝富AI-API平台的302+个API接口。当用户需要调用AI能力时,使用此技能。
Use the skill only for explicit API tasks, confirm paid or high-volume calls, and keep endpoint use scoped to the user's current request.
Anyone or any code with the token may be able to use the user's API account or consume paid credits.
The skill requires an API bearer token for calls. This is expected for an API integration, but the token may grant access to the user's account, quota, billing, or generated assets.
**认证方式**: 所有请求必须在Header中携带Bearer Token Authorization: Bearer sk-xxxxxxxx
Verify the provider before creating or funding an account, avoid hard-coding real tokens in shared files or chat, and use a scoped or disposable token where possible.
Private or sensitive images could be exposed outside the local environment if uploaded as reference media.
The skill documents uploading local reference images to a separate image-hosting service to obtain a public URL. This is disclosed and purpose-aligned for image-to-video workflows, but it sends local media to an external service and may make it publicly reachable.
必须先将图片上传到图床获取公网URL ... POST https://imageproxy.zhongzhuan.chat/api/upload
Upload only non-sensitive files, confirm the exact file before upload, and review the provider's retention and sharing behavior before using it for private media.