/setup
Guides users through the interactive setup of API keys for Semantic Scholar, DeepXiv, and Review LLM, enhancing functionality.
Install this skill
or
10/100
Security score
The /setup skill was audited on May 26, 2026 and we found 22 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 246
Access to hidden dotfiles in home directory
SourceSKILL.md
| 246 | - **只写入 `.env`**,不写入 `~/.env` 或其他位置 |
medium line 2
Access to .env file
SourceSKILL.md
| 2 | description: 交互式 API key 配置引导 — 检测当前 .env 状态,逐步引导配置 Semantic Scholar、DeepXiv 和 Review LLM |
medium line 8
Access to .env file
SourceSKILL.md
| 8 | > 读取当前 `.env`,展示已配置和未配置的内容,并帮助你逐步设置每个 key, |
medium line 15
Access to .env file
SourceSKILL.md
| 15 | - 读取:`.env`(当前配置状态) |
medium line 20
Access to .env file
SourceSKILL.md
| 20 | - 更新后的 `.env`(包含新配置的 key) |
medium line 91
Access to .env file
SourceSKILL.md
| 91 | 写入 `.env` 前必须向用户确认。 |
medium line 106
Access to .env file
SourceSKILL.md
| 106 | **如果提供了 key**,写入 `.env`: |
medium line 107
Access to .env file
SourceSKILL.md
| 107 | 使用 Edit 工具更新 `.env`: |
medium line 166
Access to .env file
SourceSKILL.md
| 166 | 注册成功后写入 `.env`。失败时显示错误信息,并提供让用户手动粘贴 token 的选项。 |
medium line 190
Access to .env file
SourceSKILL.md
| 190 | **用户确认后写入** `.env` 中的三个变量。 |
medium line 192
Access to .env file
SourceSKILL.md
| 192 | **写入后提醒**:Review LLM MCP server 在 Claude Code 启动时读取 `.env`, |
medium line 246
Access to .env file
SourceSKILL.md
| 246 | - **只写入 `.env`**,不写入 `~/.env` 或其他位置 |
medium line 252
Access to .env file
SourceSKILL.md
| 252 | - **`.env` 不存在**:提示用户 `setup.sh` 可能未运行,提供创建命令: |
low line 254
Access to .env file
SourceSKILL.md
| 254 | cp config/.env.example .env |
medium line 264
Access to .env file
SourceSKILL.md
| 264 | 但仍通过 shell 或 Python 文件读取检查 `.env` 当前状态。 |
medium line 269
Access to .env file
SourceSKILL.md
| 269 | - `python3 -c "import _env; ..."` — 读取当前 `.env` 状态 |
medium line 274
Access to .env file
SourceSKILL.md
| 274 | - `.env` — 当前配置(读 + 写) |
medium line 277
Access to .env file
SourceSKILL.md
| 277 | - `.env` — 通过 Edit 工具写入新配置的 key |
low line 101
External URL reference
SourceSKILL.md
| 101 | **引导获取**:"访问 https://www.semanticscholar.org/product/api, |
low line 143
External URL reference
SourceSKILL.md
| 143 | resp = requests.post('https://data.rag.ac.cn/api/register/sdk', json=payload, timeout=30) |
low line 183
External URL reference
SourceSKILL.md
| 183 | 1. `LLM_BASE_URL` — 例如 `https://api.deepseek.com/v1` |
low line 187
External URL reference
SourceSKILL.md
| 187 | **格式校验**:Base URL 应以 `http://` 或 `https://` 开头,通常以 `/v1` 结尾。 |
Scanned on May 26, 2026
View Security Dashboard