← 返回 Skills 市场

ModelReady

Name: ModelReady
Author: carol-gutianle

作者 Carol-gutianle · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

1426

总下载

当前安装

版本数

在 OpenClaw 中安装

/install modelready

功能描述

Start using a local or Hugging Face model instantly, directly from chat.

安全使用建议

This skill appears to implement a local vLLM/OpenAI-compatible server manager, but inspect and take the following precautions before installing/using it: - Dependencies: the script requires python3 and the 'vllm' Python package (and any of vllm's GPU/runtime dependencies). The registry metadata did not declare python3 or vllm and the skill provides no install steps. Only proceed if you install and trust vllm yourself. - Network exposure: default host is 0.0.0.0 which binds to all interfaces and makes the endpoint reachable from other machines on the LAN. Set the host to 127.0.0.1 (use /modelready set_ip ip=127.0.0.1) or run behind a firewall if you want localhost-only access. - Authentication: the server started is OpenAI-compatible but unauthenticated by this wrapper. Do not start models with sensitive data or on a public network without adding access controls. - Files written: the skill writes ~/.model2skill/defaults.env, PID and log files. Review these files for any sensitive content and for persistence you may want to remove them on uninstall. - Input handling: the script accepts EXTRA args and passes them to vllm; be careful when using extra=... to avoid unintended behavior. If the author provided: (1) explicit dependency list (python3, vllm, required versions), (2) an install or dependency-check step, and (3) a safer default bind (127.0.0.1) or an option to require authentication, this assessment could be upgraded to 'benign'. As-is, the mismatches and default network exposure make the skill 'suspicious.'

功能分析

Type: OpenClaw Skill Name: modelready Version: 1.0.0 The skill is classified as suspicious due to the `extra` parameter in `tool/modelready.sh`. This parameter allows arbitrary arguments to be passed directly to the `vllm.entrypoints.openai.api_server` Python command. While not direct arbitrary shell code execution, this broad capability could be abused to misconfigure the vLLM server, potentially leading to resource exhaustion, unintended information disclosure, or other undesirable behaviors depending on the specific arguments supported by vLLM, without clear malicious intent being demonstrated in the provided files.

能力评估

⚠ Purpose & Capability

The script implements exactly the advertised functionality (starting a vLLM/openai-style server and proxying chat requests). However the declared requirements in the registry/metadata are incomplete: the runtime requires python3 and the vllm Python package, but 'python3' and vllm are not listed in required binaries or install specs. SKILL.md metadata also lists an env var 'URL' that isn't used as a required external credential. These mismatches mean the skill's stated requirements do not match what it actually needs to work.

⚠ Instruction Scope

Instructions and the script read/write files under $HOME/.model2skill (defaults.env, pid/log files) which is reasonable. However the script binds by default to HOST=0.0.0.0 (DEFAULT_HOST) exposing the OpenAI-compatible endpoint to the network/LAN unless changed; SKILL.md does not warn about this. The skill will start an unauthenticated HTTP API that, if reachable, could be invoked by other machines on the network. The chat path uses local HTTP requests only (no remote exfiltration), but exposing a model endpoint broadly is a security/privacy concern.

ℹ Install Mechanism

There is no install spec and no code is downloaded — the skill is instruction+script only. That is low-risk from supply-chain perspective but problematic operationally: the script expects python3 and the 'vllm' package to be available. The skill does not provide installation steps or check for vllm; a user may run it and see failures or run an untrusted vllm binary if present.

ℹ Credentials

The skill does not request external credentials and only writes a small defaults file under ~/.model2skill. It does use HOME and network information (hostname/IP) to resolve bind targets. The SKILL.md metadata lists an 'URL' env entry that is inconsistent with the rest of the package; otherwise there are no unexplained SECRET/TOKEN env requirements.

✓ Persistence & Privilege

The skill does persist state to $HOME/.model2skill (defaults, logs, PID files) which is expected for a local server manager. It does not request always:true, does not modify other skills, and does not request elevated privileges.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install modelready
安装完成后，直接呼叫该 Skill 的名称或使用 /modelready 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of ModelReady: Instantly run and chat with local or Hugging Face models from chat. - Start a local or Hugging Face model as an OpenAI-compatible endpoint. - Chat directly with any running model from your conversation. - Manage server: start, stop, check status, and set default host/port. - Simple commands to launch models or send messages without leaving chat.

元数据

Slug modelready

版本 1.0.0

许可证 —

累计安装 4

当前安装数 4

历史版本数 1

常见问题

ModelReady 是什么？

Start using a local or Hugging Face model instantly, directly from chat. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 1426 次。

如何安装 ModelReady？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install modelready」即可一键安装，无需额外配置。

ModelReady 是免费的吗？

是的，ModelReady 完全免费（开源免费），可自由下载、安装和使用。

ModelReady 支持哪些平台？

ModelReady 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 ModelReady？

由 Carol-gutianle（@carol-gutianle）开发并维护，当前版本 v1.0.0。