Pywayne Llm Chat Bot
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: chat-bot Version: 0.1.0 The skill bundle is benign. The `SKILL.md` file provides documentation and code examples for an LLM chat interface, demonstrating how to use the `pywayne.llm.chat_bot` module. There are no instructions for the agent to perform unauthorized actions, exfiltrate data, execute malicious commands, or engage in prompt injection. All examples use placeholder values for sensitive information like API keys and URLs, indicating no hardcoded credentials or malicious endpoints.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Behavior depends on a separately installed pywayne module that is not included in this review.
The skill documents using an external Python module, but the provided artifact set contains only SKILL.md and no module source or install spec, so the module implementation and provenance are not reviewed here.
from pywayne.llm.chat_bot import LLMChat
Install the referenced module only from a trusted source and review or pin the package version if using it in a sensitive environment.
Using the examples may grant the configured LLM provider access under the supplied API key.
The skill requires an LLM provider API key. This is expected for OpenAI-compatible API access, and the artifacts do not show hardcoded keys, credential logging, or unrelated credential use.
api_key="your_api_key" ... | `api_key` | required | API authentication key |
Use a least-privilege API key where possible and avoid pasting secrets into shared code, logs, or chat transcripts.
Conversation content may be processed by the remote or local LLM service configured in `base_url`.
Prompts and responses are sent to the configured OpenAI-compatible endpoint. This is disclosed and central to the skill purpose, but users should understand and trust the selected endpoint.
base_url="https://api.example.com/v1" ... compatible with OpenAI APIs (including local servers like Ollama)
Use trusted endpoints and avoid sending sensitive data to providers whose privacy and retention practices you have not reviewed.
Sensitive information entered earlier in a session may be reused in later turns until history is cleared or the session is removed.
The skill documents multi-turn conversation history and clearing history. Retention is expected for chat sessions, but prior messages can influence later outputs and may contain sensitive context.
# Continuation - remembers previous context ... # Clear history chat.clear_history()
Clear history or remove sessions when switching tasks, users, or sensitivity levels.