sean810720

Shuttle AI Chatbot

by https://github.com/account/ssh · GitHub ↗ · v2.0.1 · MIT-0
cross-platform ⚠ suspicious
Downloads: 236
Stars: 0
Active Installs: 1
Versions: 1
Install in OpenClaw
/install shuttle-ai-chatbot
Description
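Calls the local AI /chat_direct API directly. Supports single and batch queries and product comparison, outputs JSON or plain text, and needs no browser automation.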
Usage Guidance
This skill appears to do what it says (call a local /chat_direct API), but it constructs curl commands by interpolating user-provided URLs and queries into a shell command without validation or safe escaping. That can lead to command injection or accidental data exfiltration to arbitrary hosts. Before installing or running:
  1. Review or run the code in a sandbox/container.
  2. Avoid passing untrusted --url values and do not point it to public endpoints unless you trust them.
  3. Avoid feeding untrusted batch files.
  4. Consider patching the code to use a proper HTTP client (e.g., Node's fetch or axios) or use child_process.spawn/execFile with arguments (not a single shell string), and validate/whitelist allowed hosts (localhost/private IPs) to enforce the intended local-only behavior.
  5. Verify the session ID/README inconsistencies if you need exact logging format.
If you are not comfortable reviewing or patching the code, do not run it against sensitive environments or as a privileged user.
Capability Analysis
Type: OpenClaw Skill
Name: shuttle-ai-chatbot
Version: 2.0.1
The skill is classified as suspicious due to a shell injection vulnerability in `index.js`, where user-supplied queries are concatenated into a `curl` command via `child_process.exec` without escaping single quotes. Additionally, there is a significant discrepancy between the documentation in `SKILL.md` (which claims to have implemented URL validation for security) and the actual code in `index.js`, which lacks any such validation and defaults to a hardcoded internal IP address (`192.168.100.98:8888`). These issues represent critical security flaws and misleading documentation regarding the skill's safety features.
Capability Assessment
Purpose & Capability
The name/description match the code: the CLI issues POSTs to a /chat_direct endpoint and supports single and batch queries. It does not request credentials or config paths. Minor inconsistencies: SKILL.md repeatedly states session ID format 'shuttle-cli-YYYYMMDD', while index.js actually generates 'shuttle-cli-{random16}_{YYYYMMDD}' (the README also mentions a random 16-code). SKILL.md changelog claims prior URL validation to restrict to localhost/private IPs, but there is no URL validation in the code — the CLI accepts any --url.
Instruction Scope
The runtime instructions and code shell out to curl via child_process.exec with a command string that interpolates user-provided inputs (options.url and queries). These inputs are not validated or safely escaped. That creates command-injection and/or broken-shell-invocation risks (e.g., malicious --url or a query line containing characters that break the single-quoted JSON payload). Although the SKILL.md states the tool is meant for local/private endpoints, the code allows arbitrary URLs, so an attacker or misconfiguration could make the tool send data to external hosts.
Install Mechanism
No external download/install script is present; the package includes index.js and a normal package.json with a single dependency (commander). There is no install spec that fetches arbitrary archives or executes remote installers. The Node dependency is from the npm registry (package-lock included).
Credentials
The skill does not request environment variables, credentials, or config paths. It requires a reachable AI service URL (default is a private IP) and Node/curl. However, because the URL is user-controllable and not validated, the tool can be used to transmit query contents to arbitrary endpoints — a proportionality/abuse risk even though no secrets are requested.
Persistence & Privilege
The skill does not request elevated or persistent privileges; 'always' is false and there is no behavior that modifies other skills or global agent settings. It is a normal user-invoked CLI skill.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install shuttle-ai-chatbot
  3. After installation, invoke the skill by name or use /shuttle-ai-chatbot
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.1
shuttle-ai-chatbot v2.0.1 - Skill slug renamed: from shuttle-qc-ai-chatbot to shuttle-ai-chatbot - Published to ClawHub, officially listed
Metadata
Slug shuttle-ai-chatbot
Version 2.0.1
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Shuttle AI Chatbot?

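It calls the local AI /chat_direct API directly, supports single and batch queries and product comparison, outputs JSON or plain text, and needs no browser automation. It is an AI Agent Skill for Claude Code / OpenClaw, with 236 downloads so far.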

How do I install Shuttle AI Chatbot?

Run "/install shuttle-ai-chatbot" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Shuttle AI Chatbot free?

Yes, Shuttle AI Chatbot is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Shuttle AI Chatbot support?

Shuttle AI Chatbot is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Shuttle AI Chatbot?

It is built and maintained by https://github.com/account/ssh (@sean810720); the current version is v2.0.1.
