Call Aida App

Review

Audited by ClawScan on May 1, 2026.

Overview

This skill is a straightforward AIDA API wrapper, but users should notice it sends their inputs and a bearer-style app ID to AIDA and has a documentation/script-name mismatch.

Install this only if you intend to call AIDA apps from OpenClaw. Treat the appid as a secret bearer credential, review what data you place in inputs/query before sending it to AIDA, and use call_aida_app.py rather than the main.py path shown in SKILL.md.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anything placed in inputs or query will be transmitted to the AIDA service.

Why it was flagged

The script sends the provided inputs, query, and user identifier to the disclosed AIDA endpoint. This is the core purpose of the skill, but users should treat it as an external/internal service data transfer.

Skill content

AIDA_API_URL = "https://aida.vip.sankuai.com/v1/chat-messages" ... body = {"inputs": inputs, "query": query, "response_mode": "blocking", "user": user}

Recommendation

Only provide data that is appropriate to send to AIDA, and avoid including secrets or unrelated private content in the inputs.

What this means

If an appid is sensitive in the AIDA environment, sharing it with the skill grants the skill authority to call that AIDA app.

Why it was flagged

The user-provided appid is used as a Bearer authorization value, making it credential-like even though the registry metadata does not declare a primary credential.

Skill content

"Authorization": f"Bearer {appid}"

Recommendation

Treat AIDA app IDs used as bearer tokens as secrets, provide them only for intended calls, and prefer metadata that clearly declares this credential use.

What this means

The agent may fail to invoke the skill correctly or may require the user to choose the correct script path.

Why it was flagged

SKILL.md tells the agent to run main.py, but the provided file manifest contains call_aida_app.py and no main.py. Other documentation uses call_aida_app.py, so this appears to be a packaging/documentation mismatch rather than hidden behavior.

Skill content

python3 main.py --appid <user-provided appid> --query "<user-provided query>" --inputs '<JSON string of the user-provided inputs>'

Recommendation

Use the included call_aida_app.py script and ask the publisher to update SKILL.md so the executable name and install path are consistent.