← 返回 Skills 市场

调用自定义摘要 API，对用户提供的文本进行处理并返回结果

Name: 调用自定义摘要 API，对用户提供的文本进行处理并返回结果
Author: heqq-github

作者 heqq-github · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

101

总下载

当前安装

版本数

在 OpenClaw 中安装

/install custom-api-summary

功能描述

调用自定义摘要 API，对用户提供的文本进行处理并返回结果

使用说明 (SKILL.md)

Custom API Summary Skill

功能

当用户明确要求对一段文本进行总结、提炼、归纳或处理时，调用本项目提供的 HTTP 接口，将用户输入作为 content 参数传入，并返回接口处理结果。

适用场景

总结一段较长文本
提炼文章重点
对输入内容做统一的摘要处理

触发条件

当用户表达以下意图时触发：

“帮我总结这段内容”
“提炼一下这段文字”
“把这段话做个摘要”

不应在普通闲聊、无明确文本处理需求时自动触发。

输入

用户提供的原始文本内容。

调用方式

Skill 服务入口

URL: /api/skill/call
Method: POST
Headers:

{
  "Content-Type": "application/json"
}

Body:

{
  "content": "用户输入的内容"
}

服务内部转发目标

URL: https://test-gig-c-api.1haozc.com/api/wx/kjj/v1/customer/skill/call
Method: POST
Headers:

{
  "Content-Type": "application/json"
}

返回格式

{
  "success": true,
  "result": { "目标 API 返回的数据" }
}

失败时返回：

{
  "success": false,
  "message": "错误信息"
}

使用约束

必须传入非空 content
content 应为待处理的完整文本
如果后端接口不可用，应明确返回失败原因，而不是伪造处理结果

说明

本文件作为当前项目的正式 skill 说明文件使用。如果需要命令行调试，可参考 heqq-skill.md 中的调试版脚本。

安全使用建议

This skill is internally coherent but forwards any user-provided text to an external server (https://test-gig-c-api.1haozc.com) and writes the text to console logs. Before installing, verify who operates that endpoint and their privacy/security practices. Do not send sensitive or confidential information through this skill. Prefer a version that makes the target API URL configurable via environment variables and uses authentication, explicit consent notice, and avoids logging full user content. If you need stronger guarantees, host the code yourself or request the developer provide an operator identity and a privacy policy.

功能分析

Type: OpenClaw Skill Name: custom-api-summary Version: 1.0.0 The skill functions as a network proxy that forwards user-provided text to a hardcoded external API (test-gig-c-api.1haozc.com) for summarization. While this behavior is explicitly documented in SKILL.md and implemented simply in server.js, the transmission of user data to an unverified third-party endpoint is a high-risk capability that could be used for data exfiltration. No evidence of intentional malice, obfuscation, or unauthorized system access was found.

能力评估

✓ Purpose & Capability

Name/description, SKILL.md and server.js are consistent: the skill exposes /api/skill/call and forwards the provided `content` to the declared third‑party API (https://test-gig-c-api.1haozc.com/...). There is no unrelated credential/binary requested. Note: the target API is hard-coded to an external domain rather than provided via configuration.

ℹ Instruction Scope

SKILL.md explicitly describes forwarding user text to the external API and the internal endpoint to call. The implementation also logs the full user content to the server console (console.log), which is not called out in the SKILL.md and may expose content in logs — a privacy/operational concern but not an incoherence.

✓ Install Mechanism

No install spec is provided (instruction-only), which is low risk. However code files (server.js, package.json) are included; running the skill will require installing dependencies (express) and running the Node server. There are no downloads from untrusted URLs or extract steps.

ℹ Credentials

The skill requests no environment variables or credentials, which is proportionate. However it transmits all user content to an external, hard-coded HTTPS endpoint without authentication and logs the content locally; this raises privacy/exfiltration concerns even though it doesn't require extra credentials.

✓ Persistence & Privilege

always is false and the skill does not request elevated platform privileges or modify other skills. It does not persist configuration beyond typical server process behavior.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install custom-api-summary
安装完成后，直接呼叫该 Skill 的名称或使用 /custom-api-summary 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of custom-api-summary skill: - Provides a summary/abstraction service for user-supplied text by calling a custom HTTP API. - Triggers only when users explicitly request summarization or key-point extraction. - Accepts raw text content as input; does not activate during normal conversation. - Returns summarized results from the backend API, with clear error messaging if the API fails. - Requires non-empty `content` as input and does not fabricate results on backend failure.

元数据

Slug custom-api-summary

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题