首页龙虾技能列表 › Baoyu Danger Gemini Web — Gemini API

Baoyu Danger Gemini Web — Gemini API

v0.1.0

通过逆向工程的Gemini Web API生成图像和文本。支持文本生成、从提示生成图像、参考图像进行视觉输入等功能。

0· 656·41 当前·42 累计
by @wjctim (逝去小时光)·MIT-0
下载技能包
License
MIT-0
最后更新
2026/4/12
安全扫描
VirusTotal
可疑
查看报告
OpenClaw
可疑
medium confidence
代码和指令符合逆向工程的Gemini Web客户端描述,但它读写浏览器cookie和Chrome配置文件数据(敏感),而注册表元数据未声明这些需求——仅在审查和隔离后继续。
评估建议
此技能包含一个完整的TypeScript客户端,通过Chrome/CDP读取Google浏览器cookie并写入cookie文件来逆向工程Gemini Web端点并进行认证。这种行为与其目标一致但敏感:浏览器cookie可用于冒充您的账户。安装前请自行检查代码或让您信任的人检查,并考虑法律/TOS影响。...
详细分析 ▾
用途与能力
The name/description (reverse‑engineered Gemini Web API for text/image generation) align with the included TypeScript client and CLI. However the skill requires access to browser cookies and Chrome profile directories to authenticate (via __Secure-1PSID / __Secure-1PSIDTS), which is not advertised in the registry metadata (no required config paths or credentials listed).
指令范围
SKILL.md and the code instruct the agent to read/write files under the user's home (consent.json, EXTEND.md, cached cookie files), spawn Chrome (via child_process) and use the Chrome remote debugging/CDP to extract cookies, and then call gemini.google.com and related Google endpoints. Those actions access highly sensitive local browser state (cookies) and will download/run runtime tooling (npx -y bun). This scope goes beyond a simple 'generate image' description and could expose sensitive credentials if misused.
安装机制
There is no formal install spec (instruction-only), which lowers installer risk. However usage examples run 'npx -y bun scripts/main.ts' which will fetch/execute a runtime (bun) at runtime. The included code itself will be executed by the agent. No arbitrary remote archives or unknown URLs are used in an install step, but 'npx -y bun' implies downloading an executable to run the TypeScript.
凭证需求
The skill reads browser cookies, can launch Chrome with a new user-data-dir, and writes cookie files and consent files under user directories. Those are high‑sensitivity operations (cookie tokens) that are not reflected in the declared metadata (no required env vars or config paths). Optional env vars exist (GEMINI_WEB_CHROME_PATH, GEMINI_WEB_CHROME_PROFILE_DIR, GEMINI_WEB_COOKIE_PATH) but requesting access to local browser cookies is a substantial privilege and should be explicitly declared and consented to.
持久化与权限
The skill does not request 'always: true' and does not modify other skills. It writes local files (consent, cookie cache, sessions) under its own data directory; this is expected for a client that caches auth. No evidence it alters system-wide agent configuration or other skills.
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv0.1.02026/3/4

Initial release of baoyu-danger-gemini-web. - Provides text and image generation via the reverse-engineered Gemini Web API, including multi-turn conversations and vision input through reference images. - Requires explicit user consent before first use; handles consent storage and checks across macOS, Linux, and Windows. - Supports configuration via EXTEND.md at both project and user levels for model selection, proxy settings, and data directories. - Includes CLI support for text/image generation, session handling, JSON output, and browser-based authentication. - Supports several Gemini-3 models, with flexible authentication, session, and environment variable options for customization.

● 可疑

安装命令 点击复制

官方npx clawhub@latest install baoyu-danger-gemini-web
镜像加速npx clawhub@latest install baoyu-danger-gemini-web --registry https://cn.clawhub-mirror.com

技能文档

Text/image generation via Gemini Web API. Supports reference images and multi-turn conversations.

Script Directory

Important: All scripts are located in the scripts/ subdirectory of this skill.

Agent Execution Instructions:

  • Determine this SKILL.md file's directory path as SKILL_DIR
  • Script path = ${SKILL_DIR}/scripts/.ts
  • Replace all ${SKILL_DIR} in this document with the actual path

Script Reference:

ScriptPurpose
scripts/main.tsCLI entry point for text/image generation
scripts/gemini-webapi/*TypeScript port of gemini_webapi (GeminiClient, types, utils)

Consent Check (REQUIRED)

Before first use, verify user consent for reverse-engineered API usage.

Consent file locations:

  • macOS: ~/Library/Application Support/baoyu-skills/gemini-web/consent.json
  • Linux: ~/.local/share/baoyu-skills/gemini-web/consent.json
  • Windows: %APPDATA%\baoyu-skills\gemini-web\consent.json

Flow:

  • Check if consent file exists with accepted: true and disclaimerVersion: "1.0"
  • If valid consent exists → print warning with acceptedAt date, proceed
  • If no consent → show disclaimer, ask user via AskUserQuestion:
- "Yes, I accept" → create consent file with ISO timestamp, proceed - "No, I decline" → output decline message, stop
  • Consent file format: {"version":1,"accepted":true,"acceptedAt":"","disclaimerVersion":"1.0"}

Preferences (EXTEND.md)

Use Bash to check EXTEND.md existence (priority order):

# Check project-level first
test -f .baoyu-skills/baoyu-danger-gemini-web/EXTEND.md && echo "project"
# Then user-level (cross-platform: $HOME works on macOS/Linux/WSL)
test -f "$HOME/.baoyu-skills/baoyu-danger-gemini-web/EXTEND.md" && echo "user"

┌──────────────────────────────────────────────────────────┬───────────────────┐ │ Path │ Location │ ├──────────────────────────────────────────────────────────┼───────────────────┤ │ .baoyu-skills/baoyu-danger-gemini-web/EXTEND.md │ Project directory │ ├──────────────────────────────────────────────────────────┼───────────────────┤ │ $HOME/.baoyu-skills/baoyu-danger-gemini-web/EXTEND.md │ User home │ └──────────────────────────────────────────────────────────┴───────────────────┘

┌───────────┬───────────────────────────────────────────────────────────────────────────┐ │ Result │ Action │ ├───────────┼───────────────────────────────────────────────────────────────────────────┤ │ Found │ Read, parse, apply settings │ ├───────────┼───────────────────────────────────────────────────────────────────────────┤ │ Not found │ Use defaults │ └───────────┴───────────────────────────────────────────────────────────────────────────┘

EXTEND.md Supports: Default model | Proxy settings | Custom data directory

Usage

# Text generation
npx -y bun ${SKILL_DIR}/scripts/main.ts "Your prompt"
npx -y bun ${SKILL_DIR}/scripts/main.ts --prompt "Your prompt" --model gemini-3-flash
# Image generation
npx -y bun ${SKILL_DIR}/scripts/main.ts --prompt "A cute cat" --image cat.png
npx -y bun ${SKILL_DIR}/scripts/main.ts --promptfiles system.md content.md --image out.png
# Vision input (reference images)
npx -y bun ${SKILL_DIR}/scripts/main.ts --prompt "Describe this" --reference image.png
npx -y bun ${SKILL_DIR}/scripts/main.ts --prompt "Create variation" --reference a.png --image out.png
# Multi-turn conversation
npx -y bun ${SKILL_DIR}/scripts/main.ts "Remember: 42" --sessionId session-abc
npx -y bun ${SKILL_DIR}/scripts/main.ts "What number?" --sessionId session-abc
# JSON output
npx -y bun ${SKILL_DIR}/scripts/main.ts "Hello" --json

Options

OptionDescription
--prompt, -pPrompt text
--promptfilesRead prompt from files (concatenated)
--model, -mModel: gemini-3-pro (default), gemini-3-flash, gemini-3-flash-thinking, gemini-3.1-pro-preview
--image [path]Generate image (default: generated.png)
--reference, --refReference images for vision input
--sessionIdSession ID for multi-turn conversation
--list-sessionsList saved sessions
--jsonOutput as JSON
--loginRefresh cookies, then exit
--cookie-pathCustom cookie file path
--profile-dirChrome profile directory

Models

ModelDescription
gemini-3-proDefault, latest 3.0 Pro
gemini-3-flashFast, lightweight 3.0 Flash
gemini-3-flash-thinking3.0 Flash with thinking
gemini-3.1-pro-preview3.1 Pro preview (empty header, auto-routed)

Authentication

First run opens browser for Google auth. Cookies cached automatically.

Supported browsers (auto-detected): Chrome, Chrome Canary/Beta, Chromium, Edge.

Force refresh: --login flag. Override browser: GEMINI_WEB_CHROME_PATH env var.

Environment Variables

VariableDescription
GEMINI_WEB_DATA_DIRData directory
GEMINI_WEB_COOKIE_PATHCookie file path
GEMINI_WEB_CHROME_PROFILE_DIRChrome profile directory
GEMINI_WEB_CHROME_PATHChrome executable path
HTTP_PROXY, HTTPS_PROXYProxy for Google access (set inline with command)

Sessions

Session files stored in data directory under sessions/.json.

Contains: id, metadata (Gemini chat state), messages array, timestamps.

Extension Support

Custom configurations via EXTEND.md. See Preferences section for paths and supported options.

数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制

了解定制服务