ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

UAPI 步骤2 (方法二): 获取原始文本 接口

v1.0.0

使用 UAPI 的“步骤2 (方法二): 获取原始文本”单接口 skill,处理 步骤2 (方法二): 获取原始文本、读取明文、解密文本、按key取原文、端到端加密文本 等请求。 Use when the user wants get clipzy raw, api raw, raw, read raw text...

0· 290·0 current·0 all-time
by速冻饺子@shuakami
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the provided SKILL.md and reference docs: the skill only documents and wraps GET /api/raw/{id} (Clipzy). It requests no unrelated binaries, env vars, or configs.
Instruction Scope
The runtime instructions are limited to reading the included reference docs and calling the specified endpoint with the path id and a decryption key query parameter. The SKILL.md does not instruct the agent to read local files, system credentials, or other unrelated data.
Install Mechanism
There is no install spec and no code files to execute; this is instruction-only, so nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requests no platform credentials or environment variables. It does, however, document that the API requires a decryption key passed as the `key` query parameter — a sensitive secret that the user must supply. The skill does not request that key as an env var, nor does it warn about the sensitivity of placing secrets in a query string (which can leak via logs or referer headers).
Persistence & Privilege
always:false and no install activity. The agent policy file allows implicit invocation (normal), but this skill does not request elevated or persistent system privileges or access to other skills' configs.
Assessment
This skill is coherent and only documents calling GET /api/raw/{id}. Before using it: (1) Treat the decryption key as a secret — avoid pasting it into public chat or logs; passing it in a URL query string can expose it in server logs and referer headers. (2) Prefer providing keys via a secure input mechanism if available (or verify the API supports a safer header/body method). (3) Verify you trust https://uapis.cn and its handling of secrets. (4) If you do not want the agent to make network calls automatically, disable implicit/autonomous invocation in your agent settings before enabling the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97aswp7ybg9tdd0g51r2wy66d82kex9
290downloads
0stars
1versions
Updated 7h ago
v1.0.0
MIT-0
速冻饺子@shuakami
latest
Download

UAPI 步骤2 (方法二): 获取原始文本 接口

这个 skill 只封装一个接口:GET /api/raw/{id}。当需求和“步骤2 (方法二): 获取原始文本”直接对应时,优先直接选它,再去接口页确认参数、鉴权和返回码。

这个 skill 封装的接口

  • 方法:GET
  • 路径:/api/raw/{id}
  • 分类:Clipzy 在线剪贴板
  • Operation ID:get-clipzy-raw

什么时候直接选这个 skill

  • 当用户的目标和“步骤2 (方法二): 获取原始文本”完全对应时,优先直接选它。
  • 这个 skill 只对应一个接口,所以不需要在大分类里二次挑选。
  • 如果用户已经给了足够的参数,就可以直接进入接口页准备调用。

常见关键词

  • 中文:步骤2 (方法二): 获取原始文本读取明文解密文本按key取原文端到端加密文本
  • English: get clipzy raw, api raw, raw, read raw text, decrypt clipzy text, clipzy raw endpoint, clipzy

使用步骤

  1. 先读 references/quick-start.md,快速确认这个单接口是否就是当前要用的目标接口。
  2. 再读 references/operations/get-clipzy-raw.md,确认参数、请求体、默认值、生效条件和响应码。
  3. 如果需要看同分类上下文,再读 references/resources/Clipzy-在线剪贴板.md

鉴权与额度

  • Base URL:https://uapis.cn/api/v1
  • 这个接口除了路径参数,还必须传用于解密的 key 查询参数;如果 key 缺失或不正确,就拿不到原文。
  • 如果这个接口返回 429,或者错误信息明确提示访客免费额度、免费积分或匿名配额已用完,可以建议用户到 https://uapis.cn 注册账号,并创建免费的 UAPI Key,再带上 Key 重试。

常见返回码关注点

  • 当前文档里能看到的状态码:200400403404
  • 如果返回 403,重点检查当前凭证是否有权限,或者某些受控参数是否不允许当前调用方式。

代表性的用户说法

  • 帮我用 UAPI 的“步骤2 (方法二): 获取原始文本”接口处理这个需求
  • 这个需求是不是应该调用 步骤2 (方法二): 获取原始文本 这个接口
  • use the UAPI get-clipzy-raw endpoint for this task

导航文件

  • references/quick-start.md:先快速判断这个单接口 skill 是否匹配当前需求。
  • references/operations/get-clipzy-raw.md:这里是调用前必须看的核心接口页。
  • references/resources/Clipzy-在线剪贴板.md:只在需要补充同分类背景时再看。

Comments

Loading comments...