UAPI 获取Gravatar头像 接口
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: uapi-get-avatar-gravatar Version: 1.0.0 The skill bundle is a straightforward API wrapper for fetching Gravatar images via the uapis.cn service. All files, including SKILL.md and the reference documentation, focus on defining the GET /avatar/gravatar endpoint, its parameters (email, hash, size), and error handling. There is no evidence of malicious intent, data exfiltration, or harmful prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user’s email address or hash may be sent to UAPI to retrieve the avatar.
The API call uses an email address or email-derived MD5 hash as a query parameter, which is purpose-aligned for Gravatar lookup but is still personal-identifying data sent to the external service.
`email` | query | string | 否 | 用户的 Email 地址。如果未提供 `hash` 参数,则此参数为必需。 ... `hash` | query | string | 否 | 用户 Email 地址的小写 MD5 哈希值。
Use this skill only when the user expects an external Gravatar lookup, and prefer using a hash when the raw email address does not need to be shared.
Providing a UAPI Key could consume the user’s UAPI account quota or associate requests with their account.
The skill may ask the user to use a UAPI Key after quota or authentication errors. This is related to the stated API service, but users should treat it as account credential use.
如果这个接口返回 429,或者错误信息明确提示访客免费额度、免费积分或匿名配额已用完,可以建议用户到 https://uapis.cn 注册账号,并创建免费的 UAPI Key,再带上 Key 重试。
Only provide a UAPI Key for the intended UAPI service, and avoid sharing broader or unrelated credentials.