← 返回 Skills 市场

moonshot skills

Name: moonshot skills
Author: mendynew

作者 mendynew · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

129

总下载

当前安装

版本数

在 OpenClaw 中安装

/install moonshot

功能描述

使用 () 大模型进行图像分析、OCR提取、文案创作和多模态对话的智能工具

安全使用建议

This package shows many placeholder values (blank env var names, incomplete URLs like "https://api.", missing class/enum identifiers) which make it nonfunctional and potentially dangerous if you try to configure it incorrectly. Before installing or using it: 1) Do not paste any real API keys into the provided .env until the developer clarifies the exact environment variable names and the official endpoint. 2) Verify and correct the base_url to a legitimate, documented API host (compare links in SKILL.md vs. config.json). 3) Inspect all code paths that send image data (client._make_request) and confirm they POST to the official service and not to any personal or malformed endpoint. 4) Run static checks (flake8/mypy) to surface truncated/malformed identifiers and ensure code compiles; treat many blank identifiers as a sign the source was redacted or corrupted. 5) Prefer running this in a sandbox/container and monitor outbound network requests to confirm the destination before using with sensitive images. If you cannot get a clear, consistent set of configuration names and a verified official API endpoint from the maintainer, avoid using the skill. Additional information that would raise confidence: corrected env var names, valid base_url and documentation links, and a release from a known homepage or repository.

功能分析

Type: OpenClaw Skill Name: moonshot Version: 1.0.0 The skill bundle is a well-structured tool for interacting with a multimodal LLM API (likely Moonshot/Kimi) for image analysis, OCR, and copywriting. The code in client.py and cli.py follows standard development practices, using environment variables for API keys and providing clear, functional interfaces. No indicators of malicious intent, such as data exfiltration, unauthorized execution, or harmful prompt injection, were found across the documentation (SKILL.md, prompt.md) or the implementation files.

能力评估

⚠ Purpose & Capability

The skill's stated purpose (image analysis, OCR, copywriting, multimodal chat) is coherent with the included client and CLI code. However many important identifiers are missing or left as placeholders (blank model names, blank env var names, class/function names replaced by empty identifiers). The README/SKILL.md refer to a 'platform' or 'moonshot' API, but config and code use incomplete URLs like "https://api." or "https://platform./". This mismatch makes the claimed capability inconsistent with the actual runnable code.

⚠ Instruction Scope

SKILL.md instructs obtaining an API key and saving it to an environment variable, but the env var name is blank throughout the docs and code (os.getenv("") patterns). The runtime instructions and examples assume a working remote API and an API key; they do not request unrelated system data, but the missing config placeholders give the agent broad discretion (it will try to read environment variables, .env files, and send base64-encoded image data to whatever base_url is configured). The instructions are thus incomplete and grant implicit network access without a clear, correct endpoint.

ℹ Install Mechanism

There is no formal install spec in the registry (instruction-only), but the repository includes Python source and a requirements.txt. Dependencies are normal for this kind of tool (requests, pillow, python-dotenv, etc.). No downloads from arbitrary URLs or extract/install steps are present. The lack of an install manifest is a usability issue but not itself high risk.

⚠ Credentials

Registry metadata lists no required environment variables, yet the code clearly expects an API key from environment (via os.getenv with empty key) and supports BASE_URL and other env vars in docs. The env var names are blank everywhere (README, .env examples, client.py), so required secrets are unspecified and not declared. This mismatch is a red flag: the skill will attempt to use credentials but provides no clear, safe way to configure them and may be misconfigured to send sensitive data to an unintended endpoint if the base_url is changed.

✓ Persistence & Privilege

The skill does not request persistent elevated privileges. always is false and autonomous invocation is allowed by default (expected). The code creates local output directories and writes files only for normal CLI operations; it does not modify other skills or system-wide agent configs. There is no evidence of hidden persistent services.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install moonshot
安装完成后，直接呼叫该 Skill 的名称或使用 /moonshot 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

moonshot v1.0.0 - 初始发布，集成多模态大模型工具 - 支持图像分析与理解、OCR 文字提取、智能文案创作 - 提供多模态对话与图片内容智能问答 - 支持多张图片批量分析和表格结构化提取 - 提供详细使用示例与 API 参数说明 - 集成 Python SDK，附带最佳实践和安全提示

元数据

Slug moonshot

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

moonshot skills 是什么？

使用 () 大模型进行图像分析、OCR提取、文案创作和多模态对话的智能工具. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 129 次。

如何安装 moonshot skills？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install moonshot」即可一键安装，无需额外配置。

moonshot skills 是免费的吗？

是的，moonshot skills 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

moonshot skills 支持哪些平台？

moonshot skills 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 moonshot skills？

由 mendynew（@mendynew）开发并维护，当前版本 v1.0.0。