Coze
v1.0.0Coze 扣子 AI Bot 开发助手,精通 Bot 搭建、插件开发、工作流编排、知识库配置
⭐ 1· 288·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description describe a Coze bot development assistant and the SKILL.md content is focused on bot building, plugins, workflows, knowledge bases and publishing channels — all coherent with the stated purpose.
Instruction Scope
The instructions stay within the domain of building and publishing Coze bots. The doc includes an example HTTP API call with an Authorization Bearer token (pat_xxx), but it does not instruct the agent to read unrelated files, environment variables, or system state. Metadata does not declare any required env vars even though the docs show how an API token would be used.
Install Mechanism
No install spec and no code files (instruction-only). This is the lowest-risk model: nothing will be written to disk or automatically installed by the skill.
Credentials
The skill declares no required environment variables or credentials. The documentation shows usage of an API Bearer token for Coze, which is expected for calling the service; lack of declared env vars is not harmful but means the user must supply tokens at runtime. No unrelated secrets are requested.
Persistence & Privilege
always is false, the skill does not request permanent presence or system-wide changes, and there are no installation scripts or config writes described.
Assessment
This skill is a documentation-only helper for building Coze bots and appears internally consistent. Before using it: (1) don't paste real API tokens into public prompts — the SKILL.md example uses a placeholder token; supply tokens securely when you actually call the API; (2) confirm you intend to interact with coze.cn / coze.com and that those endpoints are correct for your region; (3) because the skill's source/homepage are unknown, be cautious about trusting any external instructions that ask you to run code or share credentials — this particular skill doesn't request them, but any subsequent code snippets or third-party plugins you follow up on might; (4) follow least-privilege practices for any API keys and test bots in a sandbox or with restricted data before publishing.Like a lobster shell, security has layers — review code before you run it.
latestvk97437eaxrmgy5bmv481742gm583agag
License
MIT-0
Free to use, modify, and redistribute. No attribution required.