← Back to Skills Marketplace

EPAI

Name: EPAI
Author: iamlovingit

by Iamlovingit · GitHub ↗ · v1.0.4

cross-platform ⚠ suspicious

505

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install epaiskill

Description

EPAI 平台管理技能，通过 CLI 操作知识库、文档和目录。

README (SKILL.md)

\r \r

EPAI Skill\r

\r 此 Skill 封装了 EPAI 平台的管理操作，所有接口都通过 scripts/epaiclt.py 调用。\r \r

使用示例\r

列出所有知识库\r

python scripts/epaiclt.py --method kb_list\r
```\r
\r
### 创建知识库（必须指定 catalog_id）\r
\r
```bash\r
python scripts/epaiclt.py   --method kb_create   --name "知识库名称"   --description "知识库描述"   --catalog_id \x3C目录ID>\r
```\r
\r
### 删除知识库\r
\r
```bash\r
python scripts/epaiclt.py   --method kb_delete   --kb_ids kb_id1 kb_id2 ...\r
```\r
\r
### 上传文件到知识库\r
\r
```bash\r
python scripts/epaiclt.py   --method document_upload   --kb_id \x3C知识库ID>   --file ./file1.pdf ./file2.docx\r
```\r
\r
### 获取目录列表\r
\r
```bash\r
python scripts/epaiclt.py --method catalog_list\r
```\r
\r
### 创建目录（必须指定 parent_id）\r
\r
```bash\r
python scripts/epaiclt.py   --method catalog_create   --name "目录名称"   --parent_id \x3C父目录ID>\r
```\r
\r
### 删除目录\r
\r
```bash\r
python scripts/epaiclt.py   --method catalog_delete   --catalog_id \x3C目录ID>\r
```\r
\r
### 获取知识库文档列表\r
\r
```bash\r
python scripts/epaiclt.py   --method document_list   --kb_id \x3C知识库ID>\r
```\r
\r
### 批量删除知识库文档\r
\r
```bash\r
python scripts/epaiclt.py   --method document_delete   --doc_ids doc_id1 doc_id2 ...\r
```\r
\r
\r

Usage Guidance

This skill appears to be a straightforward CLI client for an EPAI API and is internally consistent, but take these precautions before installing: - Only set EPAI_API_BASE to a trusted endpoint: the script will send your EPAI_API_KEY, EPAI_ACCOUNT, and any uploaded files to that base URL. - Be careful when uploading local files: the skill reads and posts the files you point it at; do not upload sensitive documents to an untrusted server. - Do not disable TLS verification (EPAI_VERIFY_TLS=false) unless you understand the risk; default is to verify TLS. - Ensure the runtime has the Python 'requests' library available or the script will fail. - The skill has no homepage or publisher metadata; if you need higher assurance, request provenance (who published it) or review/run it in an isolated environment first. - Use least-privilege API credentials (scoped key) and rotate/revoke the key if you stop using the skill. If you want a deeper assessment, provide the publisher details or any external endpoints the API_BASE should point to so I can flag unexpected domains or details.

Capability Analysis

Type: OpenClaw Skill Name: epaiskill Version: 1.0.4 The skill is classified as suspicious due to a potential path traversal vulnerability in `scripts/epaiclt.py`. The `document_upload` function directly uses user-provided file paths (from the `--file` argument) with `os.path.exists` and `open(f, 'rb')`. While the `SKILL.md` declares `file-read` permission for document uploads, this direct usage without input sanitization could allow an attacker to instruct the AI agent (via prompt injection) to read arbitrary files from the host system (e.g., `/etc/passwd`) if the agent does not sanitize the file paths before passing them to the script. The script then attempts to upload these files to the configured `EPAI_API_BASE`, which could become an exfiltration vector if the API endpoint is compromised or controlled by an attacker, although the skill itself does not redirect to a malicious endpoint.

Capability Assessment

✓ Purpose & Capability

Name/description (EPAI platform management) match the code and SKILL.md: the script calls API endpoints to list/create/delete knowledge bases, catalogs and upload documents. The declared env vars (API base, API key, account, verify TLS) are appropriate and necessary for this purpose.

✓ Instruction Scope

SKILL.md only instructs running the included Python CLI with explicit methods. It explicitly declares file-read permission for uploads and does not ask the agent to read unrelated system files or extra environment variables. The script opens local files only when performing document_upload, which is declared.

ℹ Install Mechanism

No install spec (instruction-only plus a bundled Python script) — low risk from installers. Note: the script depends on the 'requests' library but the SKILL.md doesn't list Python dependencies, so the runtime environment must provide requests or the script will fail.

✓ Credentials

Required environment variables (EPAI_API_BASE, EPAI_API_KEY, EPAI_ACCOUNT, EPAI_VERIFY_TLS) are proportional to a service client. The script does not access additional secrets or unrelated system config paths.

✓ Persistence & Privilege

Skill is not always-enabled, does not request persistent system-wide changes, and does not modify other skills' configuration. Autonomous invocation is permitted (platform default) but not combined with other high-risk flags.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install epaiskill
After installation, invoke the skill by name or use /epaiskill
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.4

- No changes were made in this version. - The SKILL.md file remains unchanged from the previous release.

v1.0.3

- Added detailed examples and default values for environment variables in SKILL.md. - Declared file-read permission for uploading documents. - No code changes; documentation and permissions were updated only.

v1.0.2

Initial release with core EPAI platform management features. - Added example environment variable file (.env.example) for configuration guidance. - Supports managing knowledge bases, documents, and directories via CLI. - Introduces commands for listing, creating, uploading, and deleting for both knowledge bases and catalogs. - Enforces explicit specification of catalog_id and parent_id when creating knowledge bases and directories.

v1.0.1

- 增加了必需的环境变量 EPAI_VERIFY_TLS，用于控制安全验证设置 - 更新了环境变量配置说明，涵盖 Windows 和 Linux/macOS 平台 - 其余功能和操作未变

v1.0.0

epai 1.0.0 – Initial release - Provides management skills for the EPAI platform, including creating, listing, and deleting knowledge bases. - Supports document upload to specified knowledge bases. - All actions executed via the Python CLI script `epaiclt.py`. - Requires configuration of environment variables for API access. - Includes examples and instructions for common operations.

Metadata

Slug epaiskill

Version 1.0.4

License —

All-time Installs 1

Active Installs 1

Total Versions 5

Frequently Asked Questions

What is EPAI?

EPAI 平台管理技能，通过 CLI 操作知识库、文档和目录。 It is an AI Agent Skill for Claude Code / OpenClaw, with 505 downloads so far.

How do I install EPAI?

Run "/install epaiskill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is EPAI free?

Yes, EPAI is completely free (open-source). You can download, install and use it at no cost.

Which platforms does EPAI support?

EPAI is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created EPAI?

It is built and maintained by Iamlovingit (@iamlovingit); the current version is v1.0.4.

More Skills