← 返回 Skills 市场

xAI / Grok

Name: xAI / Grok
Author: blueberrywoodsym

作者 blueberrywoodsym · GitHub ↗ · v1.0.2

cross-platform ✓ 安全检测通过

11620

总下载

当前安装

版本数

在 OpenClaw 中安装

/install x-ai

功能描述

Chat with Grok models via xAI API. Supports Grok-3, Grok-3-mini, vision, and more.

安全使用建议

Install only if you are comfortable sending prompts, system prompts, X search queries, and any selected image files to xAI. Avoid using it with screenshots, documents, photos, or prompts containing secrets, personal data, regulated data, or proprietary information unless that sharing is acceptable.

功能分析

Type: OpenClaw Skill Name: x-ai Version: 1.0.2 The skill is classified as suspicious due to a potential arbitrary file read vulnerability in `scripts/chat.js`. The `imageToBase64` function uses `path.resolve` and `fs.readFileSync` on a user-provided image path. While it includes an extension whitelist (e.g., `.jpg`, `.png`), an attacker could potentially craft a path (e.g., `../../../secrets/mykey.png`) to read sensitive files that happen to have an allowed image extension and are accessible via path traversal. This is a vulnerability, not clear malicious intent, as the code's purpose is to facilitate image uploads to the xAI API. No evidence of prompt injection or other malicious behavior was found.

能力评估

✓ Purpose & Capability

The advertised purpose is chatting with Grok, vision analysis, model listing, and X search; the scripts consistently call api.x.ai and use the xAI API key for those functions.

ℹ Instruction Scope

The skill is user-invocable and sets disable-model-invocation: true. The trigger 'ask grok' is somewhat broad, but it remains provider-specific and does not by itself show deceptive routing.

✓ Install Mechanism

Installation is a normal ClawHub install or git clone with Node scripts; package metadata has no install hooks or dependency-based execution path.

ℹ Credentials

Prompts, system prompts, X search queries, and chosen image files are sent to xAI. SKILL.md discloses this, but README and CLI help could make the third-party upload/privacy point more prominent.

✓ Persistence & Privilege

No persistence, background workers, privilege escalation, broad local indexing, credential harvesting, or writes were found; local file access is limited to the user-supplied image path.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install x-ai
安装完成后，直接呼叫该 Skill 的名称或使用 /x-ai 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.2

- Added a prominent link to external installation and use instructions at the top of the setup section. - No changes to functionality or commands; documentation update only.

v1.0.1

- No user-facing changes in this release. - Documentation, permissions, and usage details remain unchanged.

v1.0.0

- Initial release of the xai skill. - Chat with Grok models via xAI API, supporting text and vision (image analysis). - Includes search functionality for real-time X/Twitter posts with citations. - Supports multiple Grok models including grok-3, grok-3-mini, grok-3-fast, and vision. - User-invocable only; cannot be called autonomously by agents. - Simple setup: requires only XAI_API_KEY environment variable.

元数据

Slug x-ai

版本 1.0.2

许可证 —

累计安装 438

当前安装数 8

历史版本数 3

常见问题

xAI / Grok 是什么？

Chat with Grok models via xAI API. Supports Grok-3, Grok-3-mini, vision, and more. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 11620 次。

如何安装 xAI / Grok？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install x-ai」即可一键安装，无需额外配置。

xAI / Grok 是免费的吗？

是的，xAI / Grok 完全免费（开源免费），可自由下载、安装和使用。

xAI / Grok 支持哪些平台？

xAI / Grok 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 xAI / Grok？

由 blueberrywoodsym（@blueberrywoodsym）开发并维护，当前版本 v1.0.2。