← Back to Skills Marketplace
374
Downloads
0
Stars
1
Active Installs
4
Versions
Install in OpenClaw
/install sber-gigachat
Description
Integrate GigaChat (Sber AI) with OpenClaw via gpt2giga proxy
Usage Guidance
This skill appears to do what it claims, but before installing: (1) review the gpt2giga package on PyPI/GitHub to ensure you trust it (pip install will run third‑party code); (2) store your CLIENT_ID/CLIENT_SECRET carefully (the skill uses a base64-encoded GIGACHAT_CREDENTIALS in a file—use chmod 600 and keep it in your home directory); (3) check ~/.openclaw/gpt2giga.log after startup for any sensitive output (tokens might appear in logs depending on upstream library behavior); (4) back up your openclaw.json before running the patch script (the script does create a .bak but verify contents); (5) consider running the proxy on an isolated user account or container if you want extra separation; and (6) install the Sber root CA to enable SSL verification as suggested to avoid running with TLS verification disabled.
Capability Analysis
Type: OpenClaw Skill
Name: sber-gigachat
Version: 1.1.2
The skill bundle contains functional scripts for GigaChat integration but includes high-risk security practices and vulnerabilities. Specifically, `scripts/start-proxy.sh` and `scripts/start.sh` explicitly disable SSL certificate verification by default if the Sber CA is not found, which exposes the connection to Man-in-the-Middle (MITM) attacks. Additionally, `scripts/patch-config.sh` is vulnerable to Python code injection because it unsafely interpolates the `$CONFIG` environment variable directly into a `python3 -c` command string. While these appear to be functional workarounds or unintentional flaws, they constitute significant security risks.
Capability Assessment
Purpose & Capability
Name/description, required binaries (python3, curl), required env vars (GIGACHAT_CREDENTIALS, GIGACHAT_SCOPE), and the packaged scripts all align with running a local gpt2giga proxy and patching OpenClaw config. The primary credential and declared config paths match the described workflow.
Instruction Scope
SKILL.md and included scripts limit actions to: loading the local env file, starting/stopping a local gpt2giga process, backing up and patching the OpenClaw config, and checking process/port status. Scripts source a user-local env file and may be influenced by optional env overrides (GIGACHAT_ENV_FILE, OPENCLAW_CONFIG) but do not reference or exfiltrate other system secrets or remote endpoints beyond the expected Sber API via gpt2giga.
Install Mechanism
Installation is via pip (scripts/setup.sh: pip3 install gpt2giga) / declared uv package 'gpt2giga'. This is expected for a Python proxy but carries the usual PyPI risk (installing third-party package code). There are no downloads from unknown URLs or archive extracts in the skill itself.
Credentials
Only GIGACHAT_CREDENTIALS and GIGACHAT_SCOPE are required, which is proportionate for an OAuth-based proxy. The skill advises storing credentials in a local env file and exporting them; those files are sensitive and should be permissioned (the skill itself recommends chmod 600). Note: scripts export additional non-secret env flags (GIGACHAT_VERIFY_SSL_CERTS, GPT2GIGA_HOST/PORT) and write logs to ~/.openclaw/gpt2giga.log which could contain diagnostic info.
Persistence & Privilege
Skill is not always-enabled and is user-invocable. It writes its own PID/log files under the user's ~/.openclaw directory and can patch the user's OpenClaw config (intentional for its purpose). It does not request system-wide privileges or modify other skills' credentials.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install sber-gigachat - After installation, invoke the skill by name or use
/sber-gigachat - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.2
**Summary: Simplified proxy setup and token management—gpt2giga now handles OAuth internally.**
- No more manual token generation or refresh; gpt2giga uses env vars for credentials and manages OAuth automatically.
- Added script to patch OpenClaw config for easy integration.
- Updated documentation to reflect streamlined startup and troubleshooting.
- Now requires both python3 and curl; install instructions updated.
- More detailed script management (start, stop, status, patch config) included.
v1.1.1
Version 1.1.1
- Updated minimum requirements: now only Python 3 is listed as a required binary (removed curl and jq).
- Clarified skill limitations regarding credential handling and SSL verification.
- Enhanced security advice: environment variables are used exclusively for credentials; users should secure their env file.
- Documentation changes only; no functional code changes.
v1.1.0
**Metadata and compatibility enhancements for GigaChat skill.**
- Added metadata block with emoji, homepage, OS compatibility, binary requirements, environment variables, and config file paths.
- Bumped version to 1.1.0.
- No changes to features, code, or instructions—documentation and metadata update only.
v1.0.0
Initial release. GigaChat integration via gpt2giga proxy — supports GigaChat, GigaChat-Pro, GigaChat-Max with OpenAI-compatible API.
Metadata
Frequently Asked Questions
What is GigaChat (Sber AI) Proxy?
Integrate GigaChat (Sber AI) with OpenClaw via gpt2giga proxy. It is an AI Agent Skill for Claude Code / OpenClaw, with 374 downloads so far.
How do I install GigaChat (Sber AI) Proxy?
Run "/install sber-gigachat" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is GigaChat (Sber AI) Proxy free?
Yes, GigaChat (Sber AI) Proxy is completely free (open-source). You can download, install and use it at no cost.
Which platforms does GigaChat (Sber AI) Proxy support?
GigaChat (Sber AI) Proxy is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux).
Who created GigaChat (Sber AI) Proxy?
It is built and maintained by Alex (@smvlx); the current version is v1.1.2.
More Skills