ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

YYClaw

v1.0.0

Access and call 50+ AI models via YYClaw API with on-chain stablecoin payments; check balance, usage, models, and make API calls using one API key.

0· 190·0 current·0 all-time
by@geniustimee

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for geniustimee/yyclaw.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "YYClaw" (geniustimee/yyclaw) from ClawHub.
Skill page: https://clawhub.ai/geniustimee/yyclaw
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install yyclaw

ClawHub CLI

Package manager switcher

npx clawhub@latest install yyclaw
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes a gateway that requires a YYCLAW_API_KEY to call models and check balance — this is consistent with the skill's description. However, the registry metadata lists no required environment variables or primary credential, which is an inconsistency (the skill clearly needs an API key).
Instruction Scope
The runtime instructions are narrowly scoped to interacting with https://crypto.yyclaw.cc: reading the YYCLAW_API_KEY, calling /v1/balance, /v1/usage, /v1/models, and /v1/chat/completions. The instructions do not request unrelated system files, secrets, or network exfiltration beyond the gateway endpoint.
Install Mechanism
No install spec or code files — instruction-only skill. Nothing is written to disk or downloaded by the skill itself, which minimizes install-time risk.
!
Credentials
The skill requires a single service API key (YYCLAW_API_KEY) and optionally YYCLAW_BASE_URL — both are proportionate to the described functionality. The concern is that the registry metadata does not declare this required credential, so users relying on metadata may not realize an API key (and therefore tokens/approval on-chain) will be used/sent to an external service.
Persistence & Privilege
always is false and the skill is user-invocable. There is no install behavior or configuration changes, so it does not request elevated persistence or system privileges.
What to consider before installing
This skill appears to do what it says (wrap YYClaw API calls), but note the registry metadata omission: SKILL.md requires YYCLAW_API_KEY (and optionally YYCLAW_BASE_URL) even though the manifest lists no env vars. Before installing: 1) Verify the service domain (https://crypto.yyclaw.cc) and its reputation and TLS certificate; 2) Be aware the skill will read YYCLAW_API_KEY from your environment and send it to that external endpoint — do not paste private keys or long-lived wallet keys into the agent/chat; 3) Because payments are on‑chain, prefer minimum/ephemeral allowances or low test balances and monitor on‑chain approvals/transactions; 4) Consider setting YYCLAW_BASE_URL only to a trusted endpoint (avoid overriding to untrusted URLs); 5) If you need higher assurance, ask the publisher for provenance (homepage, owner contact, audit) or request the registry metadata be updated to declare YYCLAW_API_KEY as a required credential. If you don’t trust the external payment/gateway provider, do not provide the API key.

Like a lobster shell, security has layers — review code before you run it.

latestvk9763b8ehwrjwg4x4fbq75y5g18356mb
190downloads
0stars
1versions
Updated 22h ago
v1.0.0
MIT-0
@geniustimee
latest
Download

YYClaw — Pay-Per-Call AI Gateway Skill

Description

Use YYClaw API to call 50+ AI models (Claude, Gemini) with on-chain stablecoin payments. Check balance, usage, list models, and make API calls — all with a single API key.

Setup

Required Environment

Optional

  • YYCLAW_BASE_URL — Override gateway URL (default: https://crypto.yyclaw.cc)

API Reference

Base URL: https://crypto.yyclaw.cc

All endpoints use Authorization: Bearer <YYCLAW_API_KEY> header.

Check Balance & Remaining Credit

GET /v1/balance

Returns on-chain allowance (authorized amount), spent, remaining, call count, per-chain breakdown, and wallet address.

Response:

{
  "balance": 50.00,
  "spent": 2.34,
  "remaining": 47.66,
  "calls": 28,
  "chains": { "bsc": 50.00, "base": 0 },
  "wallet": "0x..."
}

Check Usage & Logs

GET /v1/usage?limit=20

Returns total calls, total spent, and recent call logs.

Response:

{
  "total_calls": 28,
  "total_spent": 2.34,
  "logs": [
    { "model": "gemini-3-flash-fixed", "cost": 0.02, "status": "success:0xabc...", "created_at": "2026-03-18 12:00:00" }
  ]
}

List Available Models

GET /v1/models

Returns all enabled models with per-call pricing. No auth required.

Call a Model (OpenAI-compatible)

POST /v1/chat/completions
Content-Type: application/json

{
  "model": "gemini-3-flash",
  "messages": [{"role": "user", "content": "Hello"}],
  "stream": false
}

The -fixed suffix is auto-appended if omitted. Supports streaming ("stream": true).

Model Aliases (shorthand → full name)

ShortModelPrice/call
gemini-3-flashgemini-3-flash-fixed$0.020
gemini-2.5-flashgemini-2.5-flash-fixed$0.010
gemini-3-pro-previewgemini-3-pro-preview-fixed$0.080
claude-haiku-4.5claude-haiku-4.5-fixed$0.064
claude-sonnet-4-6claude-sonnet-4-6-fixed$0.100
claude-opus-4.6claude-opus-4.6-fixed$0.160

Instructions for Agent

When this skill is active, use curl or any HTTP client to interact with YYClaw.

Reading API Key

echo $YYCLAW_API_KEY

If not set, ask the user to provide it or direct them to https://crypto.yyclaw.cc to get one.

Check Balance

curl -s -H "Authorization: Bearer $YYCLAW_API_KEY" https://crypto.yyclaw.cc/v1/balance | python3 -m json.tool

Check Usage

curl -s -H "Authorization: Bearer $YYCLAW_API_KEY" https://crypto.yyclaw.cc/v1/usage?limit=10 | python3 -m json.tool

List Models

curl -s https://crypto.yyclaw.cc/v1/models | python3 -m json.tool

Call a Model

curl -s -X POST https://crypto.yyclaw.cc/v1/chat/completions \
  -H "Authorization: Bearer $YYCLAW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"model":"gemini-3-flash","messages":[{"role":"user","content":"Hello"}]}'

OpenAI SDK (Python)

from openai import OpenAI
import os

client = OpenAI(
    api_key=os.environ["YYCLAW_API_KEY"],
    base_url="https://crypto.yyclaw.cc/v1"
)

response = client.chat.completions.create(
    model="gemini-3-flash",
    messages=[{"role": "user", "content": "Hello"}]
)
print(response.choices[0].message.content)

OpenAI SDK (JavaScript)

import OpenAI from 'openai';

const client = new OpenAI({
  apiKey: process.env.YYCLAW_API_KEY,
  baseURL: 'https://crypto.yyclaw.cc/v1'
});

const res = await client.chat.completions.create({
  model: 'gemini-3-flash',
  messages: [{ role: 'user', content: 'Hello' }]
});
console.log(res.choices[0].message.content);

Error Handling

CodeMeaningAction
401Invalid API keyCheck YYCLAW_API_KEY
402Insufficient balance/allowanceUser needs to approve more tokens at dashboard
404Model not foundCheck /v1/models for available models
503Model upstream not configuredContact admin

Triggers

  • "check yyclaw balance" / "查看 yyclaw 余额"
  • "yyclaw usage" / "yyclaw 用量"
  • "list yyclaw models" / "yyclaw 模型列表"
  • "call yyclaw model" / "用 yyclaw 调用模型"
  • "yyclaw remaining credit" / "yyclaw 剩余额度"
  • Any mention of calling AI models through YYClaw

Comments

Loading comments...