← 返回 Skills 市场

GigaChat (Sber AI) Proxy

Name: GigaChat (Sber AI) Proxy
Author: smvlx

作者 Alex · GitHub ↗ · v1.1.2

darwinlinux ⚠ suspicious

374

总下载

当前安装

版本数

在 OpenClaw 中安装

/install sber-gigachat

功能描述

Integrate GigaChat (Sber AI) with OpenClaw via gpt2giga proxy

安全使用建议

This skill appears to do what it claims, but before installing: (1) review the gpt2giga package on PyPI/GitHub to ensure you trust it (pip install will run third‑party code); (2) store your CLIENT_ID/CLIENT_SECRET carefully (the skill uses a base64-encoded GIGACHAT_CREDENTIALS in a file—use chmod 600 and keep it in your home directory); (3) check ~/.openclaw/gpt2giga.log after startup for any sensitive output (tokens might appear in logs depending on upstream library behavior); (4) back up your openclaw.json before running the patch script (the script does create a .bak but verify contents); (5) consider running the proxy on an isolated user account or container if you want extra separation; and (6) install the Sber root CA to enable SSL verification as suggested to avoid running with TLS verification disabled.

功能分析

Type: OpenClaw Skill Name: sber-gigachat Version: 1.1.2 The skill bundle contains functional scripts for GigaChat integration but includes high-risk security practices and vulnerabilities. Specifically, `scripts/start-proxy.sh` and `scripts/start.sh` explicitly disable SSL certificate verification by default if the Sber CA is not found, which exposes the connection to Man-in-the-Middle (MITM) attacks. Additionally, `scripts/patch-config.sh` is vulnerable to Python code injection because it unsafely interpolates the `$CONFIG` environment variable directly into a `python3 -c` command string. While these appear to be functional workarounds or unintentional flaws, they constitute significant security risks.

能力评估

✓ Purpose & Capability

Name/description, required binaries (python3, curl), required env vars (GIGACHAT_CREDENTIALS, GIGACHAT_SCOPE), and the packaged scripts all align with running a local gpt2giga proxy and patching OpenClaw config. The primary credential and declared config paths match the described workflow.

✓ Instruction Scope

SKILL.md and included scripts limit actions to: loading the local env file, starting/stopping a local gpt2giga process, backing up and patching the OpenClaw config, and checking process/port status. Scripts source a user-local env file and may be influenced by optional env overrides (GIGACHAT_ENV_FILE, OPENCLAW_CONFIG) but do not reference or exfiltrate other system secrets or remote endpoints beyond the expected Sber API via gpt2giga.

ℹ Install Mechanism

Installation is via pip (scripts/setup.sh: pip3 install gpt2giga) / declared uv package 'gpt2giga'. This is expected for a Python proxy but carries the usual PyPI risk (installing third-party package code). There are no downloads from unknown URLs or archive extracts in the skill itself.

✓ Credentials

Only GIGACHAT_CREDENTIALS and GIGACHAT_SCOPE are required, which is proportionate for an OAuth-based proxy. The skill advises storing credentials in a local env file and exporting them; those files are sensitive and should be permissioned (the skill itself recommends chmod 600). Note: scripts export additional non-secret env flags (GIGACHAT_VERIFY_SSL_CERTS, GPT2GIGA_HOST/PORT) and write logs to ~/.openclaw/gpt2giga.log which could contain diagnostic info.

✓ Persistence & Privilege

Skill is not always-enabled and is user-invocable. It writes its own PID/log files under the user's ~/.openclaw directory and can patch the user's OpenClaw config (intentional for its purpose). It does not request system-wide privileges or modify other skills' credentials.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install sber-gigachat
安装完成后，直接呼叫该 Skill 的名称或使用 /sber-gigachat 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.1.2

**Summary: Simplified proxy setup and token management—gpt2giga now handles OAuth internally.** - No more manual token generation or refresh; gpt2giga uses env vars for credentials and manages OAuth automatically. - Added script to patch OpenClaw config for easy integration. - Updated documentation to reflect streamlined startup and troubleshooting. - Now requires both python3 and curl; install instructions updated. - More detailed script management (start, stop, status, patch config) included.

v1.1.1

Version 1.1.1 - Updated minimum requirements: now only Python 3 is listed as a required binary (removed curl and jq). - Clarified skill limitations regarding credential handling and SSL verification. - Enhanced security advice: environment variables are used exclusively for credentials; users should secure their env file. - Documentation changes only; no functional code changes.

v1.1.0

**Metadata and compatibility enhancements for GigaChat skill.** - Added metadata block with emoji, homepage, OS compatibility, binary requirements, environment variables, and config file paths. - Bumped version to 1.1.0. - No changes to features, code, or instructions—documentation and metadata update only.

v1.0.0

Initial release. GigaChat integration via gpt2giga proxy — supports GigaChat, GigaChat-Pro, GigaChat-Max with OpenAI-compatible API.

元数据

Slug sber-gigachat

版本 1.1.2

许可证 —

累计安装 1

当前安装数 1

历史版本数 4

常见问题

GigaChat (Sber AI) Proxy 是什么？

Integrate GigaChat (Sber AI) with OpenClaw via gpt2giga proxy. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 374 次。

如何安装 GigaChat (Sber AI) Proxy？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install sber-gigachat」即可一键安装，无需额外配置。

GigaChat (Sber AI) Proxy 是免费的吗？

是的，GigaChat (Sber AI) Proxy 完全免费（开源免费），可自由下载、安装和使用。

GigaChat (Sber AI) Proxy 支持哪些平台？

GigaChat (Sber AI) Proxy 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（darwin, linux）。

谁开发了 GigaChat (Sber AI) Proxy？

由 Alex（@smvlx）开发并维护，当前版本 v1.1.2。