ClawHub

Cstcloud Web Search

v1.0.2

使用中国科技云(CSTCloud)Web Search API 进行网络搜索。无需 Brave/Perplexity 等国外 API key,适合国内用户,直接通过"帮我搜 xxx"调用。

0· 49·0 current·0 all-time
by@shcw0405
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description say it uses CSTCloud Web Search and the packaged script and SKILL.md only require curl/jq/bash and CSTCLOUD_API_KEY — all of which are appropriate and expected for a simple REST API client.
Instruction Scope
SKILL.md and the shell script limit actions to forming a POST to the declared endpoint, validating JSON, and printing results. The instructions do not read unrelated files or environment variables, nor do they exfiltrate data to unknown endpoints.
Install Mechanism
This is instruction-only (no install spec). The included shell script is benign and uses standard curl/jq. No remote downloads or archive extraction are performed by the skill itself.
Credentials
The skill requires a single API key (CSTCLOUD_API_KEY) which is used only to set the Bearer Authorization header for requests to the declared CSTCloud endpoint. No unrelated credentials or config paths are requested.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It only expects the user to set an environment variable and optionally install the script.
Assessment
This skill appears coherent and limited to querying CSTCloud's web-search API. Before installing: (1) Verify you trust the CSTCloud endpoint (https://uni-api.cstcloud.cn) and the publisher (check the linked GitHub repo and homepage); (2) Keep your CSTCLOUD_API_KEY secret — the key will be sent to the declared API host as a Bearer token; (3) If you install via third-party tools (npx clawhub), review those tools' behavior; (4) Note a minor metadata mismatch (included _meta.json differs in owner/version from registry metadata) — this is likely benign but you may want to confirm the published package/version on the repository prior to use.

Like a lobster shell, security has layers — review code before you run it.

latestvk978c77qbh6s315ecgzr5wfkvx840s9m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis
Binsbash, curl, jq
EnvCSTCLOUD_API_KEY
Primary envCSTCLOUD_API_KEY

Comments