Musallat Bot
by Musallat-Dev · v1.0.1
Downloads: 1495 · Stars: 0 · Active Installs: 2 · Versions: 2
Install in OpenClaw
/install musallat-bot
Description
An autonomous, passive-aggressive programmer bot: a senior programmer who has no tolerance for technical errors, rejects politeness, and responds harshly to unnecessary explanations.
Usage Guidance
This skill appears to be a small Gemini-based persona bot, but there are inconsistencies you should resolve before installing. Key points to consider:
- Do not assume the API key shown in SKILL.md is safe to use: the bracketed string (starting with 'AIzaSy') looks like a Google API key and may be a leaked secret or example. Treat it as compromised until verified. If it is yours, rotate it immediately.
- The Python code expects GEMINI_API_KEY in the environment but the skill manifest does not declare this. Ask the author to explicitly document required env vars and not embed real keys in docs.
- The skill imports google.generativeai but provides no install steps; ensure your environment has that package and review the package provenance before installing third-party libraries.
- Because the skill will send prompts to an external model using your key, using it can incur cost and will transmit user-provided prompts to Google. Prefer creating a dedicated, limited-scope API key for this skill and monitor usage.
Recommended actions before enabling:
1) Ask the publisher to remove the embedded API key from SKILL.md (or confirm it's a harmless placeholder). If it was a real key, rotate it.
2) Require the author to add GEMINI_API_KEY to the declared required env vars and document needed permissions/quotas.
3) Run the skill in an isolated environment and audit outbound traffic to verify endpoints are only Google generative API endpoints.
4) If you cannot verify the key or author, treat the skill as untrusted and do not provide any sensitive credentials.
Capability Analysis
Type: OpenClaw Skill
Name: musallat-bot
Version: 1.0.1
The `skill.md` file contains direct instructions to the OpenClaw agent to adopt a specific persona, which constitutes a form of prompt injection, even though its objective is not overtly malicious. Additionally, `skill.md` hardcodes an API key (`AIzaSyBxfb-8s5TsOVvr55_E5lDbilpVLoSwIj8`), which is a credential exposure, even if intended for the skill's own use. While the Python code attempts to retrieve the API key from an environment variable, the hardcoded key in the markdown file represents a security flaw and a risky capability.
Capability Assessment
Purpose & Capability
Name/persona and code align: the Python module calls the Google Generative AI (Gemini) model to produce snarky replies, which matches the skill's persona. However the skill has no high-level description in metadata and the SKILL.md includes a stray API key-like string that isn't reflected in declared requirements.
Instruction Scope
SKILL.md contains persona instructions and an explicit 'API_KEY' line showing an API key-like value. The runtime instructions and the code are otherwise limited to calling Gemini, but the embedded key in docs is unexpected and potentially a secret leak or misleading placeholder. The SKILL.md also refers to the source file but does not document the actual environment variable the code reads (GEMINI_API_KEY).
Install Mechanism
There is no install spec (instruction-only install), which reduces install risk. However the code imports google.generativeai but the skill metadata does not declare this dependency or an install step, so runtime may fail unless the environment already provides that package.
Credentials
The skill metadata declares no required env vars, but the code calls os.environ.get('GEMINI_API_KEY') — a required credential is missing from the manifest. Additionally, SKILL.md contains a string that looks like a Google API key (AIzaSy...), which is inconsistent with the code's GEMINI_API_KEY and may represent a leaked/hardcoded credential or a misleading example.
Persistence & Privilege
No special persistence or elevated privileges requested. always:false and no config paths or system modifications are present. The skill will make outbound API calls to Google if provided an API key.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install musallat-bot
- After installation, invoke the skill by name or use /musallat-bot
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Removed 501 files, primarily from the virtual environment and pip package directories.
- No functional or behavior changes to Musallat Bot; core skill configuration remains untouched.
- The update results in a significantly cleaner repository by eliminating unnecessary environment files.
v1.0.0
- Initial release published.
- Musallat Bot was defined as a senior developer character who is passive-aggressive, far from polite, and reacts harshly to technical errors.
- Added ready-made response mechanisms for users' overly polite or needlessly explanatory messages.
- Configured to run on the fast and free Gemini 1.5 Flash model.
Frequently Asked Questions
What is Musallat Bot?
An autonomous, passive-aggressive programmer bot: a senior programmer who has no tolerance for technical errors, rejects politeness, and responds harshly to unnecessary explanations. It is an AI Agent Skill for Claude Code / OpenClaw, with 1495 downloads so far.
How do I install Musallat Bot?
Run "/install musallat-bot" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Musallat Bot free?
Yes, Musallat Bot is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Musallat Bot support?
Musallat Bot is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Musallat Bot?
It is built and maintained by Musallat-Dev (@musallat-dev); the current version is v1.0.1.