UAPI 获取Gravatar头像 接口
PassAudited by ClawScan on May 1, 2026.
Overview
This is a simple instruction-only skill for calling one Gravatar avatar lookup API, with only minor privacy and optional API-key considerations.
This skill appears safe for its stated purpose. Before installing, be comfortable with sending the target email address or hash to UAPI for a Gravatar lookup, and only provide a UAPI Key if you intentionally want authenticated or quota-backed access.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user’s email address or hash may be sent to UAPI to retrieve the avatar.
The API call uses an email address or email-derived MD5 hash as a query parameter, which is purpose-aligned for Gravatar lookup but is still personal-identifying data sent to the external service.
`email` | query | string | 否 | 用户的 Email 地址。如果未提供 `hash` 参数,则此参数为必需。 ... `hash` | query | string | 否 | 用户 Email 地址的小写 MD5 哈希值。
Use this skill only when the user expects an external Gravatar lookup, and prefer using a hash when the raw email address does not need to be shared.
Providing a UAPI Key could consume the user’s UAPI account quota or associate requests with their account.
The skill may ask the user to use a UAPI Key after quota or authentication errors. This is related to the stated API service, but users should treat it as account credential use.
如果这个接口返回 429,或者错误信息明确提示访客免费额度、免费积分或匿名配额已用完,可以建议用户到 https://uapis.cn 注册账号,并创建免费的 UAPI Key,再带上 Key 重试。
Only provide a UAPI Key for the intended UAPI service, and avoid sharing broader or unrelated credentials.