Cn Api Router
v1.1.0国内 AI 模型 API 配置向导。帮助 OpenClaw 用户快速配置 DeepSeek、通义千问、智谱GLM、 Moonshot(月之暗面)、百川、零一万物等国内大模型 API。 自动生成 OpenClaw 配置并通过 config.patch 安全写入,支持模型切换和多模型并存。 Use when: 用户说...
⭐ 0· 130·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, SKILL.md, providers.md, and the included Python script all align: they enumerate Chinese model providers and generate OpenClaw config.patch JSON containing a provider entry and an API key. No unrelated services, binaries, or secrets are requested.
Instruction Scope
SKILL.md correctly states the script only generates JSON and that the agent should use gateway config.patch to apply it. One operational risk: the script prints the API key in the generated JSON (it must, to populate the provider entry). That is expected for this purpose but means API keys appear in the script output — ensure the agent does not log, transmit, or expose that output to third parties before patching.
Install Mechanism
No install spec; only an instruction-only skill plus a small Python script included. No downloads, package installs, or archive extraction. Low install risk.
Credentials
The skill does not request environment variables, system config paths, or other credentials. It requires the user to supply an API key for the chosen provider (appropriate and proportional).
Persistence & Privilege
always: false and normal agent invocation. The skill suggests writing to OpenClaw config via gateway config.patch (appropriate for configuring models). It does not request persistent elevated privileges or modify other skills.
Assessment
This skill appears to do what it says: generate OpenClaw provider config JSON for various CN model vendors. Before using it: (1) inspect and run the included scripts locally (e.g., python scripts/setup_model.py --list) to confirm behavior; (2) use a test or limited API key first — the script prints the API key in the JSON, so avoid exposing production keys in logs or external telemetry; (3) verify your OpenClaw gateway's config.patch behavior and confirm it stores API keys encrypted as claimed; (4) do not paste API keys into untrusted UIs — prefer invoking the script locally and then applying the patch manually if you have concerns. If you need higher assurance, ask the author for a provenance/homepage or run the script in an isolated environment first.Like a lobster shell, security has layers — review code before you run it.
latestvk9785x9261sd0q5ywed8w8j1k58335a3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.