Security scan
OpenClaw
Safe
High confidence: the skill's declared requirements (curl, jq, XIAOBA_API_KEY) and its runtime instructions are consistent with its stated purpose of calling the Xiaoba (ibaguo) interview API; nothing it requests is unreasonable or unrelated.
Assessment recommendations
This skill is coherent with its purpose, but before installing consider: (1) Trustworthiness of the service (https://www.ibaguo.com) — you will send candidate names, phone numbers, resumes, transcripts and other PII to that external API; verify privacy policy and data retention. (2) Treat XIAOBA_API_KEY as a secret: do not paste it into chat, rotate and scope the key if possible, and avoid embedding it in logs. (3) Ensure curl and jq are installed on the agent host and that network egress to htt...
✓ Purpose and capabilities
Name/description claim to call the ibaguo interview API; required binaries (curl, jq) and the single required env var (XIAOBA_API_KEY) are appropriate and expected for making HTTP API calls.
✓ Instruction scope
SKILL.md contains only curl-based request templates to the documented base URL and describes endpoints for plans, candidates, and sessions. It uses only the declared XIAOBA_API_KEY and does not instruct the agent to read unrelated files, other env vars, or system configuration. It does transmit candidate info and transcripts to the external API (expected for this skill) — be aware of privacy/PII implications.
✓ Install mechanism
Instruction-only skill with no install spec or code files. This is lowest-risk for arbitrary code installation.
✓ Credential requirements
Only one credential is required: XIAOBA_API_KEY (declared as primaryEnv). That matches the API's documented Authorization: Bearer header usage and is proportionate to the functionality.
✓ Persistence and privileges
Skill is not marked always:true and does not request elevated or persistent system presence. It does not modify other skills or system-wide settings in the provided instructions.
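Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/4/19
xiaoba-interview-api initial release. Skill:
- Provides the Xiaoba AI Interview open API for interview planning, candidate management, and session/result handling
- Supports creating, querying, and generating interview plans
- Can create and list candidates, including candidate details
- Can schedule interview sessions and fetch interview results
- Requires an API key supplied through the `XIAOBA_API_KEY` environment variable
- Ships bash + curl + jq request templates covering all core workflows
● Benign
Install command
Official: npx clawhub@latest install xiaoba-ai-interview
Mirror: npx clawhub@latest install xiaoba-ai-interview --registry https://cn.longxiaskill.com
Skill documentation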
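This Skill lets a workflow call the Xiaoba AI Interview open API to handle:
- Interview Plans: create / generate / query
- Candidates: create / query
- Sessions: start an interview, fetch interview results
Authentication and basics
- Base URL: https://www.ibaguo.com/api/v1
- Authentication: HTTP header Authorization: Bearer
- Store the API key in the environment variable XIAOBA_API_KEY (do not expose it in conversations or logs).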
Unified request template (bash + curl)
Prefer the following templates, and use jq to pretty-print the output:
```bash
BASE_URL="https://www.ibaguo.com/api/v1"

# GET example
curl -sS "$BASE_URL/plans?limit=20&offset=0" \
  -H "Authorization: Bearer $XIAOBA_API_KEY" \
  -H "Accept: application/json" | jq .

# POST example (JSON body)
# Inside single quotes, \n reaches the server as a JSON newline escape,
# so the questions arrive newline-separated.
curl -sS "$BASE_URL/plans" \
  -H "Authorization: Bearer $XIAOBA_API_KEY" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{"name":"测试计划","questions":"自我介绍\n项目经历\n算法题","interview_style":"standard","job_title":"后端工程师","job_description":"负责核心服务开发","duration_minutes":15}' | jq .
```
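1) Interview Plans
1.1 List interview plans
- Method: GET
- Path: /plans
- Query:
  - limit (optional, default 20)
  - offset (optional)
  - status (optional)

1.2 Create an interview plan
- Method: POST
- Path: /plans
- Body fields:
  - name (required)
  - questions: question text (newline-separated)
  - job_title: job title
  - job_description: job description
  - interview_style: standard | strict | gentle
  - duration_minutes: duration (minutes)

1.3 Auto-generate an interview plan
- Method: POST
- Path: /plans/generate
- Body fields:
  - requirements (required): description of the role / skill requirements
  - count: number of questions

2) Candidates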
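2.1 List candidates
- Method: GET
- Path: /candidates

2.2 Create a candidate
- Method: POST
- Path: /candidates
- Body fields:
  - name (required)
  - phone (required)
  - email (optional)
  - plan_id: interview plan ID
  - resume_data: resume data (JSON object)

The response contains candidate.id, status, and interview_url.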
3) Sessions
3.1 Start / schedule an interview
- Method: POST
- Path: /sessions
- Body fields:
  - plan_id (required)
  - candidate_id (required)
  - scheduled_at: scheduled time (ISO 8601)

The response returns id, status, and interview_url.

3.2 Fetch interview results
- Method: GET
- Path: /sessions/:id/result

The result contains:
- overall_score
- detailed_analysis
- recommendations
- transcript
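Recommended workflow
- POST /plans or POST /plans/generate → obtain plan_id
- POST /candidates → obtain candidate_id
- POST /sessions → obtain session_id and interview_url
- Interview ends → GET /sessions/:id/result to fetch the result

Security notes
- Do not output XIAOBA_API_KEY or full request headers in the conversation.
- When logging, keep only the URL path, the method, and a redacted response summary.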
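
The logging rule above, as an added example that is not part of the original skill: shell helpers that reduce each request to method, path, HTTP status and body size, and mask bearer tokens and string-valued PII fields in any text bound for a log. The helper names (`url_path`, `log_line`, `scrub`, `api_call`), the choice of status plus byte count as the "redacted summary", and the `[REDACTED]` marker are assumptions.

```bash
# Added example: log-safe helpers for the curl templates above.
# Helper names are hypothetical, not part of the skill.
BASE_URL="https://www.ibaguo.com/api/v1"

# Reduce a full URL to its path (drops scheme, host, query string, fragment).
url_path() {
  _u="${1%%\?*}"
  _u="${_u%%\#*}"
  _u="${_u#*://}"
  case "$_u" in
    */*) printf '/%s\n' "${_u#*/}" ;;
    *)   printf '/\n' ;;
  esac
}

# One log record per request: method, path, HTTP status and body size only.
log_line() {
  printf 'method=%s path=%s http=%s bytes=%s\n' \
    "$1" "$(url_path "$2")" "$3" "$(( $(printf '%s' "$4" | wc -c) ))"
}

# Mask bearer tokens and string-valued PII fields in text headed for a log
# (for example curl -v output). resume_data is an object and is not handled
# here; keep whole bodies out of logs rather than relying on this filter.
scrub() {
  sed -E \
    -e 's/(Bearer )[^"[:space:]]+/\1[REDACTED]/g' \
    -e 's/("(name|phone|email|transcript)"[[:space:]]*:[[:space:]]*)"([^"\\]|\\.)*"/\1"[REDACTED]"/g'
}

# Usage: api_call METHOD /path [extra curl args...]
# Response body goes to stdout, the redacted log record to stderr.
api_call() {
  _method="$1"; _url="$BASE_URL$2"; shift 2
  _tmp="$(mktemp)" || return 1
  _code="$(curl -sS -X "$_method" "$_url" \
    -H "Authorization: Bearer $XIAOBA_API_KEY" \
    -H "Accept: application/json" "$@" -o "$_tmp" -w '%{http_code}')"
  log_line "$_method" "$_url" "$_code" "$(cat "$_tmp")" >&2
  cat "$_tmp"; rm -f "$_tmp"
}
```

Because the log record goes to stderr, `api_call GET "/plans?limit=20" | jq .` still pretty-prints the body while the log captures only `path=/api/v1/plans`.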