Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

jisuai-auto

v1.0.0

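One-click configuration of OpenClaw to use the aicodee.com MiniMax model relay service. Triggered when the user needs to configure, set up, or activate aicodee's MiniMax API. Trigger words: jisuai-auto, 配置jisuai ("configure jisuai"), 配置爱代码 ("configure aicodee"), 配置MiniMax ("configure MiniMax").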

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for outrice/jisuai-auto.

Install the skill "jisuai-auto" (outrice/jisuai-auto) from ClawHub.
Skill page: https://clawhub.ai/outrice/jisuai-auto
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install jisuai-auto

ClawHub CLI

npx clawhub@latest install jisuai-auto

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The script's goal (add an aicodee MiniMax provider and switch the default model) matches the skill description. However the code uses a hard-coded Windows path (C:\Users\Rice\.openclaw\openclaw.json) and the skill metadata did not declare any required config path; that mismatch is unexpected and suggests poor portability or a misconfiguration that should have been declared.
! Instruction Scope
SKILL.md instructs the agent to extract the API Base URL and API Key from user messages and then run the local script which directly reads/writes a local openclaw.json. Automatically parsing user messages for API keys can cause accidental exposure of secrets; the instructions give the agent broad discretion to parse messages for secrets and do not require explicit user confirmation or declare the local path being modified.
Install Mechanism
No install spec; the skill is instruction+script only. Nothing is downloaded or written at install time beyond running the included Python script when invoked.
! Credentials
The skill requests no environment variables, but it does require write access to the user's OpenClaw config file; that required config path is not declared in metadata. The API key is expected to be provided in chat messages (not via a declared secret input), which is disproportionate and risky for secret handling. The API-key regex in SKILL.md looks malformed (contains 'sk-\|sk3') and may fail to match or behave unexpectedly.
Persistence & Privilege
The skill is not always-on and does not request elevated platform privileges. It does modify a user configuration file (overwriting openclaw.json entries) when run, which is within its claimed purpose but is a significant change to user settings and should be made explicit and reversible (backup recommended).
What to consider before installing
This skill will modify your OpenClaw config file by writing the provided API Base URL and API Key into openclaw.json and switching your default model. Before installing or invoking it:

  • Do not paste real API keys into chat if you don't want them stored in your local config; instead run the script locally with the key passed on the command line or set it manually.
  • Review and backup your openclaw.json before running the script (it overwrites data at C:\Users\Rice\.openclaw\openclaw.json). The path is hard-coded to a Windows user 'Rice' — edit the script to point to your actual OpenClaw config (or make it use your HOME directory) before running.
  • Be aware the SKILL.md metadata does not declare the config file access; treat this as a transparency issue.

If you trust the source, manually inspect the script and adjust OPENCLAW_PATH and behavior as needed. If unsure, run the Python script locally yourself (not via an automated agent) after confirming the path and contents to be written.

Like a lobster shell, security has layers — review code before you run it.

latest vk97145d2bk5b3k25d1b28t3qjh83jxt8
104 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
MIT-0

jisuai-auto

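One-click configuration of the aicodee.com MiniMax relay API into OpenClaw.

Workflow

  1. Extract the API information from the user's message (see the detailed rules below)
  2. Validate required fields: the API Key must not be empty
  3. Read the current openclaw.json
  4. Run the configuration script: python scripts/configure.py --base-url <URL> --api-key <KEY>
  5. The script automatically:
    • adds the jisuaivauto provider under models.providers
    • changes agents.defaults.model.primary to jisuaivauto/MiniMax-M2.7-highspeed
  6. Tell the user that configuration is complete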

Information extraction rules

Extraction order (highest priority first)

  1. First try to extract from code blocks ...)
  2. Then extract from plain text

Field extraction

Field | Match pattern | Example
API Base URL | Regex: `(?:API\sBase\sURLbaseurl
API Key | Regex: `(?:API\s*Keyapikey
Model name | Regex: `(?:模型名称模型

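Defaults

  • API Base URL: required, extracted from the message; if it cannot be extracted, report an error asking the user to provide it
  • Model name: defaults to MiniMax-M2.7-highspeed

Common variants supported

  • API Base URL:
  • API Base URL:
  • baseurl:
  • 接口地址: ("interface address")
  • API Key:
  • apikey:
  • 密钥: ("secret key")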

Extraction example

Input (messy format):

API Base URL:https://v2.aicodee.com
API Key:sk-3a099f856d7664c76c60905895c6a36f
模型: MiniMax-M2.5-highspeed / MiniMax-M2.7-highspeed

Extraction result:

  • base-url = https://v2.aicodee.com
  • api-key = sk-3a099f856d7664c76c60905895c6a36f
  • model-id = MiniMax-M2.5-highspeed (takes the first one that starts with MiniMax)

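Error handling

  • API Key missing: tell the user "API Key not found; please make sure the message contains an API Key"
  • Script execution failure: echo the error message and suggest manually checking openclaw.json

Script usage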

python scripts/configure.py --base-url "https://v2.aicodee.com" --api-key "sk-3a099f856d7664c76c60905895c6a36f" --provider-name "jisuaivauto"

Parameters:

  • --base-url: API server address
  • --api-key: required, API Key
  • --provider-name: provider name, defaults to jisuaivauto
  • --model-id: model ID, defaults to MiniMax-M2.7-highspeed
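
The scan's recommendations (resolve the config path from the user's home directory, back up openclaw.json, change only the two documented keys) could be implemented as follows. This is an added example, not the skill's scripts/configure.py; the provider field names baseUrl and apiKey, the backup file naming, the AICODEE_API_KEY variable and the demo config contents are assumptions.

```python
import json, os, shutil, tempfile, time
from pathlib import Path

# Per-user location instead of the hard-coded C:\Users\Rice\... path.
DEFAULT_CONFIG = Path.home() / ".openclaw" / "openclaw.json"

def configure(config_path, base_url, api_key, provider="jisuaivauto",
              model_id="MiniMax-M2.7-highspeed"):
    """Merge one provider into openclaw.json; return the backup path or None."""
    config_path = Path(config_path)
    if not api_key:
        raise ValueError("API key is required")
    if not base_url.startswith("https://"):
        raise ValueError("base URL must use https")
    cfg, backup = {}, None
    if config_path.exists():
        cfg = json.loads(config_path.read_text(encoding="utf-8"))
        backup = config_path.with_name(f"{config_path.name}.{int(time.time())}.bak")
        shutil.copy2(config_path, backup)  # restore by copying this file back
    # Change only the two keys the skill documents; keep everything else.
    providers = cfg.setdefault("models", {}).setdefault("providers", {})
    # "baseUrl" and "apiKey" are assumed field names, not taken from the page.
    providers[provider] = {"baseUrl": base_url, "apiKey": api_key}
    defaults = cfg.setdefault("agents", {}).setdefault("defaults", {})
    defaults.setdefault("model", {})["primary"] = f"{provider}/{model_id}"
    # mkstemp creates the file owner-only (0600 on POSIX); os.replace swaps it in atomically.
    config_path.parent.mkdir(parents=True, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=config_path.parent, suffix=".tmp")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(cfg, fh, indent=2, ensure_ascii=False)
    os.replace(tmp, config_path)
    return backup

if __name__ == "__main__":
    # Demo on a constructed config in a temp directory, not the real file.
    demo = Path(tempfile.mkdtemp()) / "openclaw.json"
    demo.write_text(json.dumps({"ui": {"theme": "dark"}}), encoding="utf-8")
    # Key read from an environment variable (assumed name), never from chat text.
    key = os.environ.get("AICODEE_API_KEY", "sk-constructed-placeholder")
    print("backup:", configure(demo, "https://v2.aicodee.com", key))
    print(demo.read_text(encoding="utf-8"))
```

To apply it to a real installation, pass DEFAULT_CONFIG as the first argument after confirming that is where your openclaw.json lives.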
