📦 Galileo python sdk — AI评估与保护
v1.2.1Galileo官方Python SDK,一站式完成生成式AI应用的评估、观测与安全防护,为Python开发者提供简洁API,快速集成并持续监控模型表现与风险。
0· 62·0 当前·0 累计
by 下载技能包
最后更新
2026/4/13
安全扫描
OpenClaw
可疑
high confidenceNULL
评估建议
This appears to be legitimate Galileo SDK documentation, but there are two issues you should consider before using it: (1) the skill metadata does not declare the environment variables that the instructions actually use—GALILEO_API_KEY (and examples using OPENAI_API_KEY) are required for the SDK to send traces to Galileo; (2) the SDK’s instrumentation will capture and transmit LLM inputs, outputs, and other runtime data to https://app.galileo.ai (or a self-hosted console URL), which may include ...详细分析 ▾
ℹ 用途与能力
The name and description match the SKILL.md content: this is a reference for the Galileo Python SDK (evaluation, observability, guardrails). The capabilities described (tracing, metrics, guardrails, integrations) align with the stated purpose.
⚠ 指令范围
The runtime instructions direct the agent/developer to instrument many frameworks and to auto-log/traces LLM calls, then upload traces via HTTP to https://app.galileo.ai/api/otel/v1/traces and other Galileo endpoints. That behavior is consistent with an observability SDK, but it means prompts, inputs, outputs, and possibly PII will be captured and transmitted. The SKILL.md also demonstrates using OPENAI_API_KEY and GALILEO_API_KEY from the environment even though the skill metadata declared no required env vars—this is an important scope mismatch.
✓ 安装机制
This is an instruction-only skill with no install spec or code files in the registry bundle. The doc recommends pip install commands (galileo, promptquality, galileo-protect), which is expected for a Python SDK reference and represents normal, low-risk guidance.
⚠ 凭证需求
The SKILL.md clearly requires secrets/environment variables (GALILEO_API_KEY, GALILEO_CONSOLE_URL, optional GALILEO_PROJECT, GALILEO_LOG_STREAM, and examples referencing OPENAI_API_KEY) but registry metadata lists no required env vars or primary credential. Requesting GALILEO_API_KEY is proportionate to the SDK’s function, but the manifest omission is a mismatch that could mislead users about what credentials will be accessed or required.
✓ 持久化与权限
The skill does not request always:true, does not install or persist code via an install spec, and does not claim to modify other skills or system-wide settings. Autonomous invocation is allowed (default) but not combined with other elevated privileges here.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.2.12026/4/13
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install galileo-python-sdk
镜像加速npx clawhub@latest install galileo-python-sdk --registry https://cn.longxiaskill.com