ClawHub

Miaoda App Builder

v1.0.11

Create, modify, generate, and deploy websites, web apps, dashboards, SaaS products, internal tools, interactive web pages, Weixin mini program , games on the...

6· 1.4k·9 current·9 all-time
by@seiriosplus
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the observed behavior: a Python CLI wrapper that talks to the Miaoda API to create, modify, and publish apps. Requested items (python3 and MIAODA_API_KEY) are reasonable and proportional to the stated purpose.
Instruction Scope
SKILL.md instructs the agent to use the included CLI (python scripts/miaoda_api.py) and to set MIAODA_API_KEY; it does not direct reading unrelated files or exfiltrating data. Minor note: the CLI also accepts/reads MIAODA_BASE_URL (or --base-url) as an override, but that env var is not listed in the skill metadata; this is an implementation detail rather than a scope creep.
Install Mechanism
No install spec is provided (instruction-only with a bundled script). The script depends on the third-party 'requests' package and will exit with an error if it's missing, but it does not download or run arbitrary code from unknown URLs.
Credentials
Only MIAODA_API_KEY is required (declared as the primary credential), which aligns with a networked platform client. Small inconsistency: the script recognizes MIAODA_BASE_URL as an alternative env var but the skill metadata does not declare it; otherwise no unrelated secrets or excessive env variables are requested.
Persistence & Privilege
The skill is not always-enabled and does not request system persistence. The CLI is described as stateless and the skill does not attempt to modify other skills or system-wide agent settings.
Assessment
This skill appears to be a straightforward Python CLI client for the Miaoda platform. Before installing or enabling it: (1) only provide an API key you trust — MIAODA_API_KEY grants the skill access to your Miaoda account and its resources (projects, deploys, billing); (2) be aware the tool will make network calls to api.miaoda.cn (or a base URL you provide) and requires the 'requests' Python package; (3) if you are cautious, review scripts/miaoda_api.py (included) to confirm behavior and to check for any endpoints or logging you don't want; (4) do not provide unrelated credentials — the skill does not need other tokens. If you want tighter control, create a limited-scope API key on Miaoda (if the platform supports it) rather than a full-power account key.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ckpc7948c9dm3tmfqdp89k5839m48

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3
EnvMIAODA_API_KEY
Primary envMIAODA_API_KEY

Comments