← 返回 Skills 市场
339
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install uapi-get-clipzy-raw
功能描述
使用 UAPI 的“步骤2 (方法二): 获取原始文本”单接口 skill,处理 步骤2 (方法二): 获取原始文本、读取明文、解密文本、按key取原文、端到端加密文本 等请求。 Use when the user wants get clipzy raw, api raw, raw, read raw text...
安全使用建议
This skill is coherent and only documents calling GET /api/raw/{id}. Before using it: (1) Treat the decryption key as a secret — avoid pasting it into public chat or logs; passing it in a URL query string can expose it in server logs and referer headers. (2) Prefer providing keys via a secure input mechanism if available (or verify the API supports a safer header/body method). (3) Verify you trust https://uapis.cn and its handling of secrets. (4) If you do not want the agent to make network calls automatically, disable implicit/autonomous invocation in your agent settings before enabling the skill.
功能分析
Type: OpenClaw Skill
Name: uapi-get-clipzy-raw
Version: 1.0.0
The skill bundle is a functional wrapper for the Clipzy clipboard API (uapis.cn), but it is classified as suspicious because it implements a high-risk security practice: requiring a Base64-encoded AES decryption key to be passed as a plaintext URL query parameter (`key`). This vulnerability exposes sensitive cryptographic material in network logs, browser history, and server-side metadata. While the behavior is aligned with the stated purpose of the `get-clipzy-raw` endpoint and no evidence of intentional malice or unauthorized exfiltration was found, the inherent design flaw in the API handling sensitive keys warrants a cautious classification.
能力评估
Purpose & Capability
The name/description match the provided SKILL.md and reference docs: the skill only documents and wraps GET /api/raw/{id} (Clipzy). It requests no unrelated binaries, env vars, or configs.
Instruction Scope
The runtime instructions are limited to reading the included reference docs and calling the specified endpoint with the path id and a decryption key query parameter. The SKILL.md does not instruct the agent to read local files, system credentials, or other unrelated data.
Install Mechanism
There is no install spec and no code files to execute; this is instruction-only, so nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requests no platform credentials or environment variables. It does, however, document that the API requires a decryption key passed as the `key` query parameter — a sensitive secret that the user must supply. The skill does not request that key as an env var, nor does it warn about the sensitivity of placing secrets in a query string (which can leak via logs or referer headers).
Persistence & Privilege
always:false and no install activity. The agent policy file allows implicit invocation (normal), but this skill does not request elevated or persistent system privileges or access to other skills' configs.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install uapi-get-clipzy-raw - 安装完成后,直接呼叫该 Skill 的名称或使用
/uapi-get-clipzy-raw触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial publish.
元数据
常见问题
UAPI 步骤2 (方法二): 获取原始文本 接口 是什么?
使用 UAPI 的“步骤2 (方法二): 获取原始文本”单接口 skill,处理 步骤2 (方法二): 获取原始文本、读取明文、解密文本、按key取原文、端到端加密文本 等请求。 Use when the user wants get clipzy raw, api raw, raw, read raw text... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 339 次。
如何安装 UAPI 步骤2 (方法二): 获取原始文本 接口?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install uapi-get-clipzy-raw」即可一键安装,无需额外配置。
UAPI 步骤2 (方法二): 获取原始文本 接口 是免费的吗?
是的,UAPI 步骤2 (方法二): 获取原始文本 接口 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
UAPI 步骤2 (方法二): 获取原始文本 接口 支持哪些平台?
UAPI 步骤2 (方法二): 获取原始文本 接口 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 UAPI 步骤2 (方法二): 获取原始文本 接口?
由 速冻饺子(@shuakami)开发并维护,当前版本 v1.0.0。
推荐 Skills