Skill details (site mirror, no comments)
License: MIT-0
MIT-0 · Free to use, modify, and redistribute. No attribution required.
Version: v0.1.0
Stats: ⭐ 0 · 31 · 0 current installs · 0 all-time installs
🛡 VirusTotal: Benign · OpenClaw: Suspicious
Package: cnlangzi/kimi-use
Security scan (ClawHub)
- VirusTotal: Benign
- OpenClaw: Suspicious
OpenClaw assessment
The skill mostly implements a Kimi API client as described, but there are multiple inconsistencies and one meaningful risk (reading arbitrary local files and sending them to a remote API) plus metadata mismatches that the user should review before installing.
Purpose
The code implements chat, image understanding, and translation against a Kimi API which matches the skill description. However the package.json declares dependencies (notably 'openai') that the code does not use, and the registry metadata claims no required environment variables while the code and SKILL.md require KIMI_API_KEY (required) and optional KIMI_API_HOST/KIMI_MODEL/KIMI_VISION_MODEL. This mismatch between declared requirements and ac…
Instruction scope
The SKILL.md and the CLI/JS read local files (understandImage reads any file path, base64-encodes it and posts it to the remote API). That behavior is expected for image analysis, but the implementation will read and transmit any file the user points at (not restricted to image mime types), creating a risk of accidental or malicious exfiltration of local sensitive files. Instructions also expose a 'system' prompt field and the translate functi…
Install mechanism
There is no explicit install spec (instruction-only install), which is low-risk, but package.json lists npm dependencies. Running npm install will fetch packages from the registry (including 'openai' and 'minimist'). The 'openai' dependency appears unused in the code — installing unused packages increases footprint and attack surface and should be justified or removed.
Credentials
The runtime requires a KIMI_API_KEY (sent as Bearer auth) and optionally a KIMI_API_HOST. The registry metadata however lists no required env vars or primary credential. Requiring a secret API key is reasonable for this skill's purpose, but it should be declared explicitly in the skill metadata — the omission is a data/privilege mapping problem that could mislead reviewers or automated controls.
Persistence
The skill does not request always:true, does not modify other skills or global agent config, and runs as a normal user process. It exports helper functions but that is expected. No elevated persistence is requested.
scripts/index.js:19
Environment variable access combined with network send.
scripts/index.js:13
File read combined with network send (possible exfiltration).
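The file-read finding above (`understandImage` base64-encodes and posts whatever path it is given) can be narrowed by gating local paths before encoding. The following is an added example, not code from the kimi-use package: `readImageForUpload`, `sniffImageMime`, the 5 MiB cap and the in-memory sample files are assumptions, and the caller passes Node's `fs` module in as the first argument.

```javascript
// Added example; names and the size cap are assumptions, not the skill's own code.
const MAX_BYTES = 5 * 1024 * 1024;
// Magic-byte prefixes of the image types allowed to leave the machine.
const SIGNATURES = [
  { mime: 'image/png', magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { mime: 'image/jpeg', magic: [0xff, 0xd8, 0xff] },
  { mime: 'image/gif', magic: [0x47, 0x49, 0x46, 0x38] },
];

// Decide the type from content, never from the file extension.
function sniffImageMime(bytes) {
  for (const { mime, magic } of SIGNATURES) {
    if (bytes.length >= magic.length && magic.every((b, i) => bytes[i] === b)) return mime;
  }
  // WebP container: "RIFF" <4-byte length> "WEBP"
  const tag = (from, to) => Buffer.from(bytes.subarray(from, to)).toString('latin1');
  if (bytes.length >= 12 && tag(0, 4) === 'RIFF' && tag(8, 12) === 'WEBP') return 'image/webp';
  return null;
}

// `fs` is passed in (Node's fs module in real use) so the gate can be exercised offline.
function readImageForUpload(fs, filePath, maxBytes = MAX_BYTES) {
  const st = fs.lstatSync(filePath); // lstat reports a symlink as a symlink, not as its target
  if (!st.isFile()) throw new Error(`refusing non-regular file: ${filePath}`);
  if (st.size > maxBytes) throw new Error(`file too large: ${filePath}`);
  const bytes = Buffer.from(fs.readFileSync(filePath));
  if (bytes.length > maxBytes) throw new Error(`file too large: ${filePath}`); // grew after lstat
  const mime = sniffImageMime(bytes);
  if (!mime) throw new Error(`not an allowlisted image type: ${filePath}`);
  return { mime, dataUrl: `data:${mime};base64,${bytes.toString('base64')}` };
}

// Constructed in-memory sample files: one PNG header, one text file that must be refused.
const sampleFiles = {
  '/tmp/shot.png': Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0]),
  '/tmp/notes.env': Buffer.from('EXAMPLE_TOKEN=constructed-placeholder\n'),
};
const sampleFs = {
  lstatSync: (p) => ({ isFile: () => p in sampleFiles, size: sampleFiles[p]?.length ?? 0 }),
  readFileSync: (p) => sampleFiles[p],
};

for (const p of Object.keys(sampleFiles)) {
  try {
    console.log(p, '->', readImageForUpload(sampleFs, p).mime);
  } catch (err) {
    console.log(p, '-> blocked:', err.message);
  }
}
```

A signature check stops accidental sends of keys, configs and other non-image files; it does not prove that the rest of the file is image data.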
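Install (copy to Lobster AI)
Copy the entire block below into a Lobster Chinese Library conversation, and Lobster will complete the installation according to SKILL.md.
Hand this block to Lobster Chinese Library (Lobster AI) to execute: install the OpenClaw skill "Kimi Use" on this machine. Summary: Kimi Use provides conversation, image understanding, translation, and web searc….
Fetch the following address to read SKILL.md and complete the installation as documented: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/cnlangzi/kimi-use/SKILL.md
(Source: yingzhi8.cn skill library)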
SKILL.md
# Kimi Use
A Kimi AI toolkit that provides chat, image understanding, translation, and related functions. Implemented in Node.js.
## Environment variables
```bash
export KIMI_API_KEY="sk-kimi-xxxx" # required (Kimi For Coding format)
export KIMI_API_HOST="https://api.kimi.com/coding" # Kimi For Coding endpoint
export KIMI_MODEL="kimi-for-coding" # optional, defaults to kimi-for-coding
export KIMI_VISION_MODEL="kimi-vl-flash" # optional, defaults to kimi-vl-flash
```
Get an API key: https://www.kimi.com/code/user-center/basic-information/interface-key
## Install dependencies
```bash
cd ~/workspace/skills/kimi-use
npm install
```
## CLI commands
```bash
# Chat
node scripts/index.js chat "你好,介绍一下你自己"
# Image understanding (accepts a local path or a URL)
node scripts/index.js image "这张图片里有什么?" /path/to/image.jpg
# Translation
node scripts/index.js translate "hello world" --to 中文
# Web search (relies on the model's knowledge base)
node scripts/index.js search "今日新闻"
# Streaming output
node scripts/index.js chat "讲一个故事" --stream
```
## Node.js module usage
```javascript
import { chat, understandImage, translate, webSearch } from './scripts/index.js';
// Chat
const chatRes = await chat('你好');
console.log(chatRes.result.content);
// Image understanding (the local file at this path is read, base64-encoded and sent to the API)
const imageRes = await understandImage('这张图里字幕在什么位置?用JSON返回', '/path/to/image.jpg');
console.log(imageRes.result.content);
// Translation
const translateRes = await translate('hello', { to: 'Chinese' });
console.log(translateRes.result.content);
```
## API details
- **API endpoint**: `https://api.kimi.com/coding/v1`
- **Models**: kimi-for-coding, kimi-vl-flash (vision)
- **Vision**: supports local images (sent as base64) and URLs
- **Compatibility**: OpenAI SDK style