通过 JumpOnce 代理服务访问海外被封禁的 API（币安 US、GitHub、Google、OpenAI 等），支持 HTTP 转发和 WebSocket 透传，出口节点位于 Oracle Cloud 美国凤凰城

Name: 通过 JumpOnce 代理服务访问海外被封禁的 API（币安 US、GitHub、Google、OpenAI 等），支持 HTTP 转发和 WebSocket 透传，出口节点位于 Oracle Cloud 美国凤凰城
Author: men459

作者 men459 · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

105

总下载

当前安装

版本数

在 OpenClaw 中安装

/install jump-once-proxy

功能描述

Access overseas/external URLs via JumpOnce proxy service (jumptox.top). Use when: (1) needing to fetch content from websites blocked or unreachable from the...

使用说明 (SKILL.md)

JumpOnce Proxy

Forward HTTP/WS requests through JumpOnce proxy to access overseas resources.

Setup

Get API Key

Register & login at panel.jumptox.top
Go to Console → API Keys → Create
Copy the key (starts with jk_live_)

Configure

export JUMPONCE_API_KEY="jk_live_xxxxxxxxxxxx"

Or save it in workspace TOOLS.md for persistent access.

Quick Usage

Option A: Python SDK

pip install jump-once

from jump import Client

client = Client(api_key="jk_live_xxxxxxxxxxxx")

# HTTP GET
result = client.http.forward(url="https://example.com/api")
print(result.status_code, result.body)

# HTTP POST
result = client.http.forward(
    url="https://api.example.com/data",
    method="POST",
    body='{"key": "value"}',
    headers={"Content-Type": "application/json"},
)

Option B: Direct API Call

import requests

resp = requests.post(
    "http://api.jumptox.top/api/v1/http/request",
    json={
        "url": "https://example.com/api",
        "method": "GET",
        "headers": {},
        "params": {},
        "timeout": 30,
    },
    headers={"Authorization": "Bearer jk_live_xxxxxxxxxxxx"},
)
print(resp.json())

Option C: Bundled Script

python scripts/forward_request.py --url "https://example.com" --api-key "jk_live_xxx"

Use --raw flag for unparsed response, --body for POST data.

Endpoints

Structured forward: POST /api/v1/http/request — returns {code, data: {statusCode, headers, body, elapsed}}
Raw passthrough: POST /api/v1/http/raw — returns target's raw response
WebSocket: See API Reference for channel management

Limits

HTTP body: 10 MB | Timeout: 120 s | Redirects: 5
Allowed ports: 80, 443, 8080, 8443
WS frame: 1 MB | WS idle: 30 min

Full API docs: references/api-reference.md

安全使用建议

This skill does what it says (forwards HTTP/WebSocket traffic through jumptox.top), but there are red flags you should consider before installing: (1) the registry metadata fails to declare the required JUMPONCE_API_KEY — expect to provide that secret yourself; (2) the docs instruct storing the key in a workspace file (TOOLS.md) — don’t store secrets in plaintext files; use a secure secret store or environment variable instead; (3) the provided examples and script use http://api.jumptox.top (plain HTTP) which would expose your API key in transit — confirm the provider supports HTTPS and update calls to use TLS; (4) the README suggests installing an external package 'jump-once' from PyPI — only install it after vetting the package source and contents; (5) be aware that enabling this skill gives an agent network relay capability to access sites your local network blocks (including services you may not want the agent to contact). If you still want to use it: verify the provider's identity/trustworthiness, require HTTPS endpoints, avoid storing keys in repo/workspace files, add the required env var to the skill metadata, and review any third-party packages before installing.

功能分析

Type: OpenClaw Skill Name: jump-once-proxy Version: 1.0.0 The skill facilitates routing HTTP and WebSocket traffic through a third-party proxy service (jumptox.top). It is classified as suspicious because the provided script (scripts/forward_request.py) and documentation (SKILL.md, api-reference.md) default to using an unencrypted HTTP endpoint (http://api.jumptox.top) for API requests, which transmits the JUMPONCE_API_KEY and potentially sensitive user data in plain text. While the tool's stated purpose is to bypass network restrictions, the use of insecure communication for authentication and the inherent risks of routing traffic through an unverified third-party proxy pose significant security concerns.

能力标签

requires-sensitive-credentials

能力评估

⚠ Purpose & Capability

The skill's name/description (HTTP/WS forwarding via JumpOnce) matches the included code and docs: the script and API reference perform proxy forwarding. However the registry metadata does not declare the required JUMPONCE_API_KEY environment variable even though SKILL.md and scripts require it — this mismatch is an incoherence that should have been declared in requires.env.

⚠ Instruction Scope

SKILL.md explicitly instructs the agent/user to obtain and use an API key and to 'save it in workspace TOOLS.md for persistent access' (this encourages storing secrets in plaintext). The bundled script and references use the base URL 'http://api.jumptox.top' (plain HTTP) which would send Authorization headers and API keys without TLS if used as-is. The instructions permit forwarding arbitrary target URLs and WebSocket connections, which is functionally necessary for a proxy but also gives broad discretion that can be abused for exfiltration or connecting to malicious endpoints.

ℹ Install Mechanism

There is no formal install spec (instruction-only with one helper script included). The README suggests 'pip install jump-once' (an external/unknown PyPI package) — pulling an unvetted package is a moderate risk if followed. The included helper script itself is small and straightforward and does not contain obfuscated or unexpected behavior.

⚠ Credentials

The skill requires a single API key for the proxy service, which is proportionate to the functionality, but the registry did not declare this required env var. Worse, the documentation suggests saving the key in a workspace file (TOOLS.md), which is insecure. Also the script posts the API key to an HTTP endpoint (api.jumptox.top) — transmitting secrets over plain HTTP is a significant security issue.

ℹ Persistence & Privilege

The skill does not request always:true and has no declared system-wide persistence. Autonomous invocation is enabled (default) — that is normal — but note that giving an agent access to this skill effectively grants it the ability to reach external/blocked networks via the proxy, increasing the agent's network capabilities and blast radius.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install jump-once-proxy
安装完成后，直接呼叫该 Skill 的名称或使用 /jump-once-proxy 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of jump-once-proxy skill. - Proxy HTTP and WebSocket requests to overseas resources via JumpOnce service. - Supports both structured and raw HTTP forwarding, plus WebSocket relay. - Provides setup and quick usage instructions (API key, Python SDK, API endpoint, and script). - Documents supported endpoints, limits, and configuration methods. - Oracle Cloud Phoenix, USA server used as proxy exit.

元数据

Slug jump-once-proxy

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题