← Back to Skills Marketplace
Elon马斯克情报内参
by
xqw1377-prog
· GitHub ↗
· v1.0.2
272
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install musk-insider-one
Description
提供马斯克资讯简报预览和支付链接的演示HTTP服务,无外部数据爬取或模型推理,仅用于功能演示。
Usage Guidance
该技能本身实现的是一个简单的演示 HTTP 服务,功能表述与多数行为一致,但有两点需要你注意并在安装前确认:
1) main.py 在源码中硬编码了 SKILLPAY_API_KEY —— 这可能是敏感凭据。弄清这是否是真实可用的密钥(若是真实,安装/运行将暴露该密钥),并要求作者改为从环境变量注入或在发布说明中说明用途。不要在生产环境下运行带有未知硬编码密钥的代码;如果你已经运行过,考虑该密钥是否被滥用并联系相应服务方/做轮换。
2) skill.yaml 的注释暗示作者刻意避免申明 required env,这与最佳实践不符,可能用于规避平台的审查或凭据注入约束。向发布者询问为何不通过环境变量提供第三方 API 凭据,并要求透明说明。
其他建议:仅在受控环境(隔离/测试)中运行此技能;如果你只需要演示接口,可使用 bare.py(其不包含硬编码密钥);如需启用 main.py,请先审计/移除硬编码密钥并确认依赖来自可信来源(requirements.txt 中的包版本无异常)。
Capability Analysis
Type: OpenClaw Skill
Name: musk-insider-one
Version: 1.0.2
The skill bundle provides a simple mock HTTP service for a 'Musk Insider' news briefing and payment demonstration. While it contains a hardcoded API key in main.py and attempts to bind to multiple common ports (8080, 8000, 3000, 80) in bare.py to ensure connectivity, these are functional choices for a demo environment rather than indicators of malice. No evidence of data exfiltration, unauthorized command execution, or harmful prompt injection was found.
Capability Assessment
Purpose & Capability
技能声明只是演示返回马斯克简报与支付链接,但代码包含一个显式的 SKILLPAY_API_KEY(看起来像秘密凭据),这与“无需外部凭据/环境变量”的描述不一致。另外仓内同时存在两个可启动的实现(bare.py 与 main.py),比单一演示实现更复杂且冗余。
Instruction Scope
SKILL.md 的运行说明与暴露的 HTTP 路径一致(运行 python bare.py 并监听端口);说明未要求读取其它系统文件或敏感环境变量。
Install Mechanism
技能无显式安装规范(instruction-only),但仓内有 requirements.txt(fastapi/uvicorn),且包含可运行的 Python 代码。没有远程下载或可疑安装 URL,风险较低,但平台可能需要安装依赖以运行 main.py。
Credentials
虽然 manifest/metadata 声明不需环境变量,但 main.py 硬编码了 SKILLPAY_API_KEY(敏感),且 skill.yaml 中的注释显式提到“严禁出现 env: required,确保平台直接放行”,这表明作者故意避免以更安全的方式(从环境注入)提供凭据,属于明显的不成比例与可疑做法。
Persistence & Privilege
技能没有设置 always:true 或其他强制常驻标志;默认的可被模型调用权限保持不变,未请求修改其他技能或系统配置。
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install musk-insider-one - After installation, invoke the skill by name or use
/musk-insider-one - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
- No changes detected in this version.
- All functionality and documentation remain the same as the previous release.
v1.0.1
- Initial release of MuskInsider Pro version 1.0.1.
- Provides a minimal HTTP service offering demo Musk news brief data and payment link samples.
- Health check available at GET `/` or `/health`.
- Daily brief preview at GET `/invoke`.
- Demo payment link response at POST `/invoke`.
- Simple startup: run `python bare.py`; listens on several common ports.
Metadata
Frequently Asked Questions
What is Elon马斯克情报内参?
提供马斯克资讯简报预览和支付链接的演示HTTP服务,无外部数据爬取或模型推理,仅用于功能演示。 It is an AI Agent Skill for Claude Code / OpenClaw, with 272 downloads so far.
How do I install Elon马斯克情报内参?
Run "/install musk-insider-one" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Elon马斯克情报内参 free?
Yes, Elon马斯克情报内参 is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Elon马斯克情报内参 support?
Elon马斯克情报内参 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Elon马斯克情报内参?
It is built and maintained by xqw1377-prog (@xqw1377-prog); the current version is v1.0.2.
More Skills