ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Auto Skill 20260404 063632

v1.0.0

API问题对抗讨论求解器 - 4模型线性对抗找出最优解

0· 75·0 current·0 all-time
by@timo2026

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for timo2026/auto-skill-20260404-063632.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Auto Skill 20260404 063632" (timo2026/auto-skill-20260404-063632) from ClawHub.
Skill page: https://clawhub.ai/timo2026/auto-skill-20260404-063632
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install auto-skill-20260404-063632

ClawHub CLI

Package manager switcher

npx clawhub@latest install auto-skill-20260404-063632
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to perform a 4-model linear adversarial analysis for API debugging — the prose and pseudocode in SKILL.md are consistent with that purpose. However, it references an explicit base_url (coding.dashscope.aliyuncs.com/v1) and an API key format (sk-sp-xxxxx) that imply integration with an external API/service even though the skill declares no required environment variables or credentials. This mismatch is unexplained.
Instruction Scope
Instructions include logical runtime steps (ping, HTTPS request, configuration checks, invoking call_model, save_cache). They do not explicitly instruct the agent to read arbitrary system files or exfiltrate data, but they reference saving cache and named files (modules/linear_adversarial_4model.py, memory/api_debate_analysis_20260404.txt) that are not present in the bundle. It's unclear where saved data is written or what 'call_model' targets — this gives the agent discretionary I/O/network behavior that isn't fully specified.
Install Mechanism
This is an instruction-only skill with no install spec and no code files included, so nothing is written to disk or installed by the skill itself. That minimizes installation risk.
Credentials
No environment variables or credentials are declared, yet the documentation mentions a concrete base_url and an API key pattern. If the skill is intended to call an external API, the absence of declared required credentials is a proportionality/information mismatch: users might be prompted later to supply secrets or store them in unspecified locations. The skill does not ask for broad system credentials, but the missing explicit credential handling is a concern.
Persistence & Privilege
always is false and there are no special persistence or cross-skill configuration changes declared. The skill does reference saving cache and a memory file name, but those are internal references in the docs; the package does not request persistent privileges or system-wide changes.
What to consider before installing
This skill appears to describe a plausible debugging workflow, but there are unexplained gaps: SKILL.md mentions modules and memory files that are not included, and it references a specific API endpoint and API-key format while declaring no required credentials. Before installing or using it: (1) ask the publisher for the missing code files or an explanation of where call_model/save_cache operate; (2) do not provide API keys or secrets until you confirm how and where they will be used/stored; (3) prefer running the workflow in a sandboxed environment; (4) request a homepage or source repo to inspect actual implementation; and (5) if you need to trust this skill, insist that it explicitly declare required environment variables and storage locations so you can assess credential exposure.

Like a lobster shell, security has layers — review code before you run it.

latestvk971045x1n5gvxc9n675fy8z698444kc
75downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
@timo2026
latest
Download

API问题对抗讨论求解器

概述

当遇到复杂的API问题时,使用4模型线性对抗找出最优解:

  1. 架构师:问题诊断+方案设计
  2. 审核者:质疑风险+建议验证
  3. 仲裁者:综合判断+最终决策
  4. 收敛者:找共同点+整理输出

使用场景

  • API调用失败需要诊断
  • 多个解决方案需要选择最优
  • 需要多个角度分析问题

本次应用案例

问题描述

API Key验证失败,请求超时

诊断过程

Step 1: 网络诊断

  • ping测试:208ms延迟,3包全收 ✅
  • HTTPS请求:超时(30秒无响应)❌

Step 2: 配置检查

  • base_url: coding.dashscope.aliyuncs.com/v1 ✅
  • API Key格式: sk-sp-xxxxx ✅

Step 3: 降级方案

  • 当前会话fallback模式 ✅

最优解

网络诊断 → 有限重试 → 模拟降级

代码实现

线性对抗引擎

# 4模型线性排列
models = [
    {"角色": "架构师", "延迟": 5},
    {"角色": "审核者", "延迟": 5},
    {"角色": "仲裁者", "延迟": 8},
    {"角色": "收敛者", "延迟": 0},
]

# 依次发言,记录回复,最终收敛
for model in models:
    response = call_model(model)
    save_cache(response)
    time.sleep(model["延迟"])

教训总结

  1. base_url必须匹配API类型(Coding Plan用专用URL)
  2. 网络层正常不代表应用层正常
  3. 需要降级机制保证可用性

相关文件

  • modules/linear_adversarial_4model.py - 线性对抗引擎
  • tests/test_basic.py - 单元测试
  • memory/api_debate_analysis_20260404.txt - 对抗分析报告

生成时间: 2026-04-04 作者: 海狸 🦫

Comments

Loading comments...