AIPyApp - AI Automated Task Execution Tool
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill is a broad AI Python automation runner that can install packages and execute generated scripts, so users should review and sandbox it before use.
Install and run this only if you are comfortable with an AI tool generating and executing Python code on your machine. Use a virtual environment or container, avoid system-wide installs, disable automatic installs/result sharing unless needed, keep API keys scoped and protected, and do not run it against sensitive files without reviewing the planned actions.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A bad prompt, model error, or malicious input could cause generated code to modify files, access local data, install packages, or make network requests.
The skill explicitly delegates to an AI tool that writes and runs Python code and installs dependencies, which is powerful local code execution without documented sandboxing or approval gates.
Automatic: ... write and execute Python scripts ... install required dependencies
Use this only in an isolated virtual environment or container, review generated code and package installs before running, and avoid giving it access to sensitive directories.
The tool may take consequential actions such as installing dependencies or sharing outputs as part of a task without the user clearly seeing each step.
The example configuration enables automatic installation and result sharing, but the artifacts do not explain approval, scope, or safety controls for those actions.
    workdir = "work"
    share_result = true
    auto_install = true
Disable automatic installs and result sharing unless needed, and require explicit confirmation before package installation, file mutation, or data sharing.
A changed or compromised package could execute during install, and the install may alter the system Python environment rather than a contained project environment.
The installer uses system package installation and an unpinned PyPI package, with `--break-system-packages`, creating supply-chain and environment-integrity risk.
    apt update && apt install -y python3-full python3-pip
    python3 -m pip install aipyapp --break-system-packages
Prefer a virtual environment, pin package versions and hashes, avoid `--break-system-packages`, and install only from verified sources.
Anyone or any generated code that can read the config may be able to use the LLM API key.
The skill requires LLM provider credentials in a local config file; this is expected for the stated purpose, but it grants access to the user's provider account and quota.
    api_key = "your-key"
    base_url = "https://api.openai.com/v1"
Use a limited-scope or dedicated API key, restrict file permissions on `~/.aipyapp/aipyapp.toml`, and avoid placing real keys in shared logs or prompts.
If the server is exposed beyond the local machine or lacks access controls, other callers could potentially trigger automation tasks.
The skill documents an HTTP API server mode for integration, but the artifacts do not describe authentication, bind address, or network exposure.
    # Method 2: HTTP API server (n8n integration)
    aipy agent
Run server mode only when needed, bind it to localhost or a trusted network, add authentication where available, and stop it after use.
Sensitive task content or poisoned context could influence later actions within the same workflow.
The configuration shows large context management for multi-round tasks, which is consistent with an AI automation tool but may carry substantial task data between steps.
    [context_manager]
    strategy = "hybrid"
    max_tokens = 100000
    max_rounds = 10
Avoid processing secrets unless necessary, clear work/context data between unrelated tasks, and review what the tool stores in its work directory.
