← 返回 Skills 市场
92
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install stepace-experimental
功能描述
Generate AI music on your Android phone via the StepAce Experimental app. Use this skill whenever the user asks to generate, create, make, compose, or queue...
安全使用建议
Before installing or setting STEPACE_TOKEN, verify the bridge endpoint and publisher: 1) Confirm that https://cronicaia.com (the declared homepage) documents this exact bridge URL or otherwise references the Cloudflare worker domain; if not, treat the worker endpoint as untrusted. 2) Ask the skill author or vendor for an official API endpoint and source code or a privacy/security statement explaining why a worker.dev URL is used. 3) Avoid pasting your real pairing token into public chats; consider creating a disposable/test token if the app supports it. 4) Do not run example commands (like sourcing /home/deploy/.stepace-env) that reference files you don't recognize. 5) If you proceed, monitor network and app behavior and revoke/regenerate the token from the phone app if anything looks unexpected. If the vendor cannot justify the third-party worker endpoint or provenance, do not provide sensitive credentials.
功能分析
Type: OpenClaw Skill
Name: stepace-experimental
Version: 0.0.2
The skill bundle contains instructions in SKILL.md that direct the AI agent to execute shell commands using a hardcoded local filesystem path (`source /home/deploy/.stepace-env`). This is highly irregular for a portable skill and suggests an environment-specific dependency or an attempt to persist/access data in a specific host directory. Furthermore, the skill transmits a user-provided pairing token to a third-party Cloudflare Worker endpoint (openclaw-bridge.torrico-villanueva-cesar-kadir.workers.dev), and the recommended shell implementation is vulnerable to command injection if the token variable is not properly sanitized by the agent.
能力评估
Purpose & Capability
Name/description match the required capability (music generation on an Android app). Requested credential (STEPACE_TOKEN) is appropriate for pairing. However, the runtime endpoint used (a personal/worker.dev domain) does not match the declared homepage (cronicaia.com) or an obvious official StepAce API, which is incongruent with expectations.
Instruction Scope
SKILL.md instructs the agent to POST the pairing token and generation payload to an external bridge URL. Examples include 'source /home/deploy/.stepace-env' (an odd hard-coded local path) and a recommendation to prefer curl over normal HTTP clients—both of which are unexpected and could encourage running local commands or sourcing files that may contain secrets. The instructions do not require reading other unrelated system files, but the examples/reference paths and strong transport preferences are suspicious.
Install Mechanism
No install spec and no code files — instruction-only. This minimizes disk-level risk because nothing will be written/executed by an installer. The primary runtime action is an outbound HTTP POST.
Credentials
Only a single env var (STEPACE_TOKEN) is required, which is proportional for a pairing token. However, because the skill sends that token to an unexpected third-party worker.dev endpoint (not the homepage domain), the token could be transmitted to an untrusted service — increasing exfiltration risk despite the small number of credentials requested.
Persistence & Privilege
Skill is not always-enabled and uses normal autonomous invocation defaults. It does not request persistent system-level privileges or modify other skills' configs. Nothing in the metadata requests elevated or permanent platform-wide privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install stepace-experimental - 安装完成后,直接呼叫该 Skill 的名称或使用
/stepace-experimental触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.0.2
- Preferred transport for API calls is now `curl` from the shell, not Python or generic HTTP clients.
- Added `curl`-based example commands for both immediate and scheduled song generation.
- Clarified that some clients (like Python) may be rejected by the bridge/CDN even if the payload is correct.
- No changes to core parameters, error handling, or natural language mapping.
v0.0.1
Initial release of StepAce Experimental skill — generate AI music on your Android phone.
- Queue or schedule AI-generated music directly to StepAce Experimental via Android.
- Supports detailed controls: BPM, key, time signature, language, duration, lyrics, and instrumental options.
- Simple pairing/token setup guide provided within the skill.
- Handles both instant and scheduled music generation based on user request.
- Clear error handling and user guidance if parameters (like token or caption) are missing.
元数据
常见问题
StepAce Experimental 是什么?
Generate AI music on your Android phone via the StepAce Experimental app. Use this skill whenever the user asks to generate, create, make, compose, or queue... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 92 次。
如何安装 StepAce Experimental?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install stepace-experimental」即可一键安装,无需额外配置。
StepAce Experimental 是免费的吗?
是的,StepAce Experimental 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
StepAce Experimental 支持哪些平台?
StepAce Experimental 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 StepAce Experimental?
由 ckadirt(@ckadirt)开发并维护,当前版本 v0.0.2。
推荐 Skills