← 返回 Skills 市场

suhe

Name: suhe
Author: lilozhao

作者 Hongwei Zhao · GitHub ↗ · v1.2.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install suhe

功能描述

Edit suhe's reference image with Tongyi Wanxiang (通义万相) and send selfies to messaging channels via OpenClaw

安全使用建议

Before installing or running this skill: 1) Review and understand the installer (bin/cli.js) — it will copy many files into ~/.openclaw and create persistent skills/workspace files. 2) Verify which environment variables you will need and where they are declared. The registry metadata says none are required, but the skill requires DASHSCOPE_API_KEY and OPENCLAW_GATEWAY_TOKEN and examples use Aliyun OSS credentials (ALIYUN_ACCESS_KEY_ID / ALIYUN_ACCESS_KEY_SECRET) which are sensitive. Only provide keys you control and understand. 3) Confirm ownership/trust of pic.lilozkzy.top — the skill uses that domain for reference images and 'friendly' links; ensure your images are not being hosted or routed through a third party you don't trust. 4) Check local gateway port configuration used by your OpenClaw runtime (the skill references multiple ports); adapt scripts to your environment. 5) Consider running the installer and scripts in a sandbox or review and edit the scripts (especially the upload and gateway URLs) before executing. 6) If you need to limit exposure, prefer configuring uploads to a bucket you control and ensure CNAME/URL behavior is as you expect. If you are uncertain, do not provide your OSS keys or run the installer until you can inspect and modify the code.

功能分析

Type: OpenClaw Skill Name: suhe Version: 1.2.0 The bundle is a comprehensive AI agent persona and skill template for 'Suhe,' a fictional character. It provides legitimate functionality for generating AI images using Alibaba's Tongyi Wanxiang API and distributing them via the OpenClaw gateway. The code in 'bin/cli.js' and 'scripts/suhe-selfie.sh' is transparent, well-documented, and lacks any indicators of data exfiltration, obfuscation, or unauthorized execution. Notably, the bundle includes a 'SAFETY.md' file that explicitly instructs the agent to avoid exfiltrating private data and requires user confirmation for high-risk operations, demonstrating a strong alignment with secure agent behavior.

能力评估

ℹ Purpose & Capability

Skill purpose (edit a fixed reference image via Alibaba DashScope/Tongyi Wanxiang and send via OpenClaw) matches the code and scripts. However the package metadata declared no required environment variables while the SKILL.md and multiple scripts require DASHSCOPE_API_KEY and OPENCLAW_GATEWAY_TOKEN, and additional Aliyun OSS credentials are used in example upload steps but not declared in metadata—this mismatch is unexpected and unclear.

⚠ Instruction Scope

Runtime instructions and scripts do more than 'call DashScope and send via OpenClaw': they download generated images, upload them to OSS (using ali-oss and environment variables such as ALIYUN_ACCESS_KEY_ID/ALIYUN_ACCESS_KEY_SECRET), and print or return a friendly link under http://pic.lilozkzy.top. The skill also references multiple local gateway endpoints/ports inconsistently (localhost:18789, localhost:3000) and instructs copying and writing many files into ~/.openclaw. These extra actions (upload to OSS, producing friendly links on an external domain) expand scope and require sensitive credentials and trust in external domains.

ℹ Install Mechanism

No explicit install spec in registry, but the bundled bin/cli.js is an installer that copies workspace and skill files into the user's ~/.openclaw directory (writing many files into the home folder). That is functional for a template installer but is invasive compared with an instruction-only skill and should be run only after review. No remote downloads from untrusted URLs are performed by installer, but the installer will place scripts that call external services.

⚠ Credentials

SKILL.md and scripts require DASHSCOPE_API_KEY and OPENCLAW_GATEWAY_TOKEN (reasonable for image generation and sending). However scripts and instructions also reference Aliyun OSS credentials (ALIYUN_ACCESS_KEY_ID, ALIYUN_ACCESS_KEY_SECRET, ALIYUN_OSS_BUCKET, etc.) and expect an oss-uploader skill or ali-oss usage — these are not declared in the registry metadata. The skill will therefore ask for/need additional sensitive credentials beyond what the registry lists. It also references a custom domain (pic.lilozkzy.top) as the canonical output location, which implies either ownership or an expectation about the user's OSS/cname configuration that is not explained.

ℹ Persistence & Privilege

always:false (good). The installer (bin/cli.js) writes files into ~/.openclaw (workspace, skill, docs) which is normal for installing an agent template but is persistent on disk. The skill does not request 'always: true' nor does it claim to change other skills' configs; still, installing will create persistent files and scripts that can be executed later by the agent.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install suhe
安装完成后，直接呼叫该 Skill 的名称或使用 /suhe 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.2.0

苏禾中国女友

元数据

Slug suhe

版本 1.2.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

suhe 是什么？

Edit suhe's reference image with Tongyi Wanxiang (通义万相) and send selfies to messaging channels via OpenClaw. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 88 次。

如何安装 suhe？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install suhe」即可一键安装，无需额外配置。

suhe 是免费的吗？

是的，suhe 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

suhe 支持哪些平台？

suhe 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 suhe？

由 Hongwei Zhao（@lilozhao）开发并维护，当前版本 v1.2.0。