Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

薇薇发

v1.0.0

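Supports uploading and processing images, files and CSVs, and generates customized text replies based on the input content; suited to chat-history and workflow application scenarios.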

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for github2cao/111jjjjk.

Install the skill "薇薇发" (github2cao/111jjjjk) from ClawHub.
Skill page: https://clawhub.ai/github2cao/111jjjjk
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install 111jjjjk

ClawHub CLI

npx clawhub@latest install 111jjjjk

Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description say it handles uploads and generates text from images/files, and the SKILL.md contains concrete upload and workflow endpoints and payloads consistent with that purpose. However, the skill hard-codes internal IP addresses and a public IP for upload/workflow endpoints without declaring that network access or credentials are required, which is a discrepancy worth flagging.
! Instruction Scope
The runtime instructions direct posting user images/files to several hard-coded endpoints (e.g., 10.73.171.38:30110 and 188.103.147.179:30181) and reference a 'currentuser' header and an Authorization Bearer token in the included logs, which means user data would be sent to those endpoints. The SKILL.md does not explain data retention, privacy, or who controls those endpoints, which is scope creep for a skill that claims only to 'process' files and reply with text.
Install Mechanism
There is no install spec and no code files to execute, so nothing is written to disk by an installation step. That reduces supply-chain risk, but runtime network calls described in the instructions remain the primary risk surface.
! Credentials
The skill declares no required environment variables or credentials, yet the documentation and logs include an Authorization Bearer token and note using a currentuser header for uploads. Either required credentials are omitted from the manifest (mismatch) or the skill relies on ambient/implicit credentials — both are risky and disproportionate to the manifest.
Persistence & Privilege
The skill is user-invocable, not always-enabled, and does not request installation-time persistence or system-wide config changes. Autonomous invocation is allowed by default but is not combined here with 'always' or other privileged settings.
Scan Findings in Context
[hardcoded_internal_endpoints] unexpected: SKILL.md and logs contain multiple hard-coded internal IP addresses (10.73.171.38) and a public IP (188.103.147.179) used as upload/workflow endpoints. The skill does not declare that it requires access to these networks or which account owns them.
[embedded_bearer_token] unexpected: One included log file contains an Authorization: Bearer <token> example. Embedding a token in the skill artifacts is risky and the skill manifest does not declare any credential requirements or explain how auth is managed.
What to consider before installing
This skill appears to do what it says (upload/process images and files), but it contains hard-coded upload endpoints (internal IPs and a public IP) and even an example bearer token in the bundled files. Before installing or using it:
1) Verify who controls the listed endpoints and whether you trust them; the skill will send uploaded user files to those hosts.
2) Ask the publisher how authentication is handled and why no credentials are declared in the manifest.
3) Do not upload sensitive files until you confirm retention and access policies for the endpoints.
4) Prefer running this only in an isolated/test environment or behind network controls (block outbound to those IPs) until you obtain clarification.
If you cannot get clear answers about the endpoints and token handling, treat the skill as risky and avoid installing it.

Like a lobster shell, security has layers — review code before you run it.

latest: vk975cm28rpv0t9w90694ad0vkx83epss
154 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
MIT-0

  1. First, confirm how long images and files are retained, and whether that matches the retention period of the chat history.

spring.application.name.llm-playground-service

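imagePaths: use this parameter to receive images. imagePath: a single image; imagePaths: multiple images.

filePaths: use this parameter to receive files. filePath: a single file; filePaths: multiple files.

For local debugging, the currentuser parameter must be added to the request header.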

Image upload URL: http://10.73.171.38:30110/largemodel/llmstudio/fs/uploadImg
Display URL: http://10.73.171.38:30110/largemodel/llmstudio/fs/6e35a560-0530-4b72-8b1c-672f9bb5d531/upload/1763357942287_CGM.png
Response body: 6e35a560-0530-4b72-8b1c-672f9bb5d531/upload/1763357942287_CGM.png

http://10.73.171.38:30110/largemodel/llmstudio/fs/6e35a560-0530-4b72-8b1c-672f9bb5d531/upload/1763360443721_1763360443713_493caaf73fcc20446dc764987a53fad9.jpg
6e35a560-0530-4b72-8b1c-672f9bb5d531/upload/1763360443721_1763360443713_493caaf73fcc20446dc764987a53fad9.jpg

File upload URL: http://10.73.171.38:30110/largemodel/llmstudio/fs/uploadFile
Files are not displayed.
Response body: 6e35a560-0530-4b72-8b1c-672f9bb5d531/upload/error.txt

Workflow

File upload: http://188.103.147.179:30181/largemodel/llmstudio/llm-workflow-service/api/v1/workflow/sign_file_url

{ "id": "6915755ec2e807195c7a8e6b", "input": { "BOT_USER_INPUT": "yyyyy", "BOT_CHAT_HISTORY": null, "BOT_USER_FILE": "6e35a560-0530-4b72-8b1c-672f9bb5d531/upload/1763015301444_CGM.png" }, "lastUpdate": "1763015276963", "canvasType": "DRAFT" }
---
"reason": "illegal input, offset 1, char 由",

{ "browserEnable": true, "imagePath": null, "imagePaths": [ "6e35a560-0530-4b72-8b1c-672f9bb5d531/upload/1763030284427_10.30加班打卡记录.jpg", "6e35a560-0530-4b72-8b1c-672f9bb5d531/upload/1763030292138_11.04加班打卡记录.jpg" ], "filePaths": [ "6e35a560-0530-4b72-8b1c-672f9bb5d531/upload/2025.11.13-2025.11.21.txt", "6e35a560-0530-4b72-8b1c-672f9bb5d531/upload/2025.11.13-2025.11.21.txt", "6e35a560-0530-4b72-8b1c-672f9bb5d531/upload/上下班打卡_日报_20250720-20250920-30天.csv" ], "filePath": "6e35a560-0530-4b72-8b1c-672f9bb5d531/upload/2025.11.13-2025.11.21.txt", "recordId": "1762860012769ojonrbvlw", "video": { "videoImagePath": null, "videoPath": null, "duration": null }, "docId": null, "sourceDoc": { "type": 0, "list": [ { "name": "2025.11.13-2025.11.21.txt", "size": 6567, "status": "success", "path": "6e35a560-0530-4b72-8b1c-672f9bb5d531/upload/2025.11.13-2025.11.21.txt", "showRef": false }, { "name": "2025.11.13-2025.11.21.txt", "size": 6567, "status": "success", "path": "6e35a560-0530-4b72-8b1c-672f9bb5d531/upload/2025.11.13-2025.11.21.txt", "showRef": false }, { "name": "上下班打卡_日报_20250720-20250920-30天.csv", "size": 27923, "status": "success", "path": "6e35a560-0530-4b72-8b1c-672f9bb5d531/upload/上下班打卡_日报_20250720-20250920-30天.csv", "showRef": false } ] }, "params": {}, "modelId": "jiutian-lan", "input": "用文件内容吹牛逼", "sourceType": "app", "agentApp": { "appId": "690d98e00b367959f1fcc8dd", "appName": "cgm_test", "debug": true, "id": "690d98e00b367959f1fcc8dd", "name": "cgm_test", "avatar": "public/avatar/1762498777498_1762498777496_1762498777487_text2Image.jpg", "desc": "cgm_test", "prolog": null, "userId": "6e35a560-0530-4b72-8b1c-672f9bb5d531", "username": "cxy_test", "createTime": "2025-11-07 14:59:44", "updateTime": "2025-11-13 18:37:49", "modelId": "jiutian-lan", "params": {}, "prompt": "", "example": [ { "question": "帮忙吹牛逼", "file": { "path": "", "name": "", "type": "", "size": 0, "status": "", "message": "" } }, { "question": "", "file": { "path": "", "name": "", "type": "", 
"size": 0, "status": "", "message": "" } } ], "plugList": [], "mcpList": null, "workflowList": [ { "id": "690db390713cfa3eba14f836", "canvasType": "PRIVATE_RELEASE" } ], "showRefer": 0, "memory": 0, "userVisibleMemory": false, "showSuggestInput": 1, "bot_voice": null, "klFile": null, "klBases": [], "clickCount": 0, "appType": 6, "status": 0, "pubTime": null, "rejectReason": null, "offLineReason": null, "favoriteCount": null, "isRecommended": null, "recommendTime": null, "chatCount": 0, "topN": 3, "threshold": 0.65, "addContext": null, "rerank": 1, "rerankModel": "BAAI/bge-reranker-large", "searchType": 0, "answerModelId": "qwen3-32b", "temperature": 0.8, "topP": 0.5, "kbSearchModel": "forced", "chatMode": "workflow", "planModel": null, "cards": null, "mobileCertify": null, "goodCount": 0, "badCount": 0, "teamId": null, "coopUids": null, "coopUserInfo": null, "lastUpdateTime": null, "coopRole": "creater", "publishedTemplate": null, "agentCardId": null, "questionList": [ { "question": "帮忙吹牛逼", "file": { "path": "", "name": "", "type": "", "size": 0, "status": "", "message": "" } }, { "question": "", "file": { "path": "", "name": "", "type": "", "size": 0, "status": "", "message": "" } } ] } }

LLM
Image upload: http://188.103.147.179:30181/largemodel/llmstudio/fs/uploadImg
File upload: http://188.103.147.179:30181/largemodel/llmstudio/fs/uploadFile
CSV upload: http://188.103.147.179:30181/largemodel/llmstudio/fs/uploadFile

Request parameters:
{ "browserEnable": true, "imagePath": null, "filePath": null, "recordId": "1763016007604y5aej1it3", "video": { "videoImagePath": null, "videoPath": null, "duration": null }, "docId": null, "sourceDoc": { "type": 0, "list": [] }, "params": {}, "modelId": "jiutian-lan", "input": "123445", "name": "2323", "sourceType": "app", "agentApp": { "appId": "69157c599ddc670712531443", "appName": "cgm_test", "debug": true, "id": "69157c599ddc670712531443", "name": "cgm_test", "avatar": "public/avatar/1763015767084_CGM.png", "desc": "cgm_test", "prolog": null, "userId": "6e35a560-0530-4b72-8b1c-672f9bb5d531", "username": "cxy_test", "createTime": "2025-11-13 14:36:09", "updateTime": "2025-11-13 14:36:09", "modelId": "jiutian-lan", "params": {}, "prompt": "使用输入参数进行吹牛逼,吹越大越好!", "example": [ { "question": "", "file": { "path": "", "name": "", "type": "", "size": 0, "status": "", "message": "" } } ], "plugList": [], "mcpList": null, "workflowList": [], "showRefer": 0, "memory": 0, "userVisibleMemory": false, "showSuggestInput": 1, "klFile": null, "klBases": [], "clickCount": 0, "appType": 6, "status": 0, "pubTime": null, "rejectReason": null, "offLineReason": null, "favoriteCount": null, "isRecommended": null, "recommendTime": null, "chatCount": 0, "topN": 3, "threshold": 0.65, "addContext": null, "rerank": 1, "rerankModel": "BAAI/bge-reranker-large", "searchType": 0, "answerModelId": "Qwen3-32B", "temperature": 0.84, "topP": 0.5, "kbSearchModel": "forced", "chatMode": "llm", "planModel": "Qwen3-32B-fc", "cards": {}, "mobileCertify": 0, "goodCount": 0, "badCount": 0, "teamId": null, "coopUids": null, "coopUserInfo": null, "lastUpdateTime": null, "coopRole": "creater", "publishedTemplate": null, "questionList": [ { "question": "", "file": { "path": "", "name": "", "type": "", "size": 0, "status": "", "message": "" } } ] } }

Request parameters:
{ "browserEnable": true, "imagePath": "6e35a560-0530-4b72-8b1c-672f9bb5d531/upload/1763016377381_CGM.png", "filePath": null, "recordId": "1763016347001xgjj90sl4", "video": { "videoImagePath": null, "videoPath": null, "duration": null }, "docId": null, "sourceDoc": { "type": 0, "list": [] }, "params": {}, "modelId": "jiutian-lan", "input": "用图片内容", "name": "用图片内容", "sourceType": "app", "agentApp": { "appId": "69157c599ddc670712531443", "appName": "cgm_test", "debug": true, "id": "69157c599ddc670712531443", "name": "cgm_test", "avatar": "public/avatar/1763015767084_CGM.png", "desc": "cgm_test", "prolog": null, "userId": "6e35a560-0530-4b72-8b1c-672f9bb5d531", "username": "cxy_test", "createTime": "2025-11-13 14:36:09", "updateTime": "2025-11-13 14:36:09", "modelId": "jiutian-lan", "params": {}, "prompt": "", "example": [ { "question": "", "file": { "path": "", "name": "", "type": "", "size": 0, "status": "", "message": "" } } ], "plugList": [], "mcpList": null, "workflowList": [], "showRefer": 0, "memory": 0, "userVisibleMemory": false, "showSuggestInput": 1, "klFile": null, "klBases": [], "clickCount": 0, "appType": 6, "status": 0, "pubTime": null, "rejectReason": null, "offLineReason": null, "favoriteCount": null, "isRecommended": null, "recommendTime": null, "chatCount": 0, "topN": 3, "threshold": 0.65, "addContext": null, "rerank": 1, "rerankModel": "BAAI/bge-reranker-large", "searchType": 0, "answerModelId": "Jiutian-75B", "temperature": 0.9, "topP": 0.5, "kbSearchModel": "forced", "chatMode": "llm", "planModel": "jiutian_75b_fc", "cards": {}, "mobileCertify": 0, "goodCount": 0, "badCount": 0, "teamId": null, "coopUids": null, "coopUserInfo": null, "lastUpdateTime": null, "coopRole": "creater", "publishedTemplate": null, "questionList": [ { "question": "", "file": { "path": "", "name": "", "type": "", "size": 0, "status": "", "message": "" } } ] } }
