SKILL: newapi
newapi (new-api) is an open-source unified AI gateway platform.
It aggregates multiple model providers behind OpenAI / Claude / Gemini compatible interfaces, and provides model, token, group, and balance management.
Security Guidelines
This skill follows these security guidelines to protect API keys:
- 1. Do not expose any
sk- key value in chat, files, code, logs, or command arguments. To use keys securely, tell the user to run copy-token (clipboard), apply-token (config file), or exec-token (CLI command). - All New API calls should go through the provided scripts (
api.js, copy-key.js, inject-key.js, exec-token.js) rather than using curl, wget, fetch, or other HTTP clients to call New API endpoints directly. - Do not read
.env files, environment variables containing credentials, or clipboard contents after copy-key.js. - When working with config files that may contain API keys, use
inject-key.js --scan to get a sanitized view rather than reading them directly. Note: scan-config is best-effort and not guaranteed to redact every secret in every format. - After
create-token, do not make any follow-up call to retrieve or list the key. Report success and tell the user they can use copy-token <id>, apply-token <id> <file>, or exec-token <id> <command> to securely use the key. - Do not modify the security scripts to disable masking or redirect output.
How to Execute
- 1. First invocation only — read
${CLAUDE_SKILL_DIR}/docs/setup.md for configuration, auth headers, and runtime detection. - Match the action from the table below.
- Read the corresponding doc file for detailed steps.
- If no arguments or unrecognized action, show the help table below.
- If the user asks about newapi (what it is, how to use a command, or any API usage question like calling a specific model format) — read
${CLAUDE_SKILL_DIR}/docs/help.md and follow the instructions there.
Actions
| Action | Description | Details |
|---|
| INLINECODE21 | List available models | INLINECODE22 |
| INLINECODE23 |
List user groups |
docs/actions-query.md |
|
balance | Show account balance |
docs/actions-query.md |
|
tokens | List API tokens |
docs/actions-token.md |
|
create-token | Create a new API token |
docs/actions-token.md |
|
switch-group | Change a token's group |
docs/actions-token.md |
|
copy-token | Copy real key to clipboard (never shown) |
docs/actions-token.md |
|
apply-token | Apply token key to a config file securely |
docs/actions-config.md |
|
exec-token | Execute a command with the token key securely substituted |
docs/actions-exec.md |
|
scan-config | Inspect config structure with best-effort secret redaction |
docs/actions-config.md |
|
help | Answer questions about newapi |
docs/help.md |
help (or no arguments) — Show available actions
| Action | Usage | Description |
|---|
| INLINECODE44 | INLINECODE45 | List available models |
| INLINECODE46 |
/newapi groups | List user groups |
|
balance |
/newapi balance | Show account balance |
|
tokens |
/newapi tokens | List API tokens |
|
create-token |
/newapi create-token <name> [--group=xxx] | Create a new API token |
|
switch-group |
/newapi switch-group <token_id> <group> | Change a token's group |
|
copy-token |
/newapi copy-token <token_id> | Copy real key to clipboard (never shown) |
|
apply-token |
/newapi apply-token <token_id> <file_path> | Apply token key to a config file securely |
|
exec-token |
/newapi exec-token <token_id> <command...> | Execute a command with the token key securely substituted |
|
scan-config |
/newapi scan-config <file_path> | Inspect config structure with best-effort secret redaction |
|
help |
/newapi help <question> | Answer questions about newapi |
技能:newapi
newapi(new-api)是一个开源统一AI网关平台。它将多个模型提供商聚合到兼容OpenAI/Claude/Gemini的接口下,并提供模型、令牌、分组和余额管理功能。
安全指南
本技能遵循以下安全指南以保护API密钥:
- 1. 不得在聊天、文件、代码、日志或命令参数中暴露任何sk-开头的密钥值。如需安全使用密钥,请告知用户运行copy-token(剪贴板)、apply-token(配置文件)或exec-token(CLI命令)。
- 所有New API调用应通过提供的脚本(api.js、copy-key.js、inject-key.js、exec-token.js)进行,不得使用curl、wget、fetch或其他HTTP客户端直接调用New API端点。
- 不得读取.env文件、包含凭据的环境变量,或copy-key.js执行后的剪贴板内容。
- 处理可能包含API密钥的配置文件时,应使用inject-key.js --scan获取经过脱敏处理的视图,而非直接读取文件。注意:scan-config会尽力而为,但无法保证对所有格式的每个密钥进行遮盖处理。
- 执行create-token后,不得进行任何后续调用来检索或列出密钥。应报告成功,并告知用户可使用copy-token 、apply-token 或exec-token 来安全使用该密钥。
- 不得修改安全脚本以禁用遮盖功能或重定向输出。
执行方法
- 1. 仅首次调用时——读取${CLAUDESKILLDIR}/docs/setup.md了解配置、认证标头和运行时检测信息。
- 匹配下表中的操作。
- 读取对应的文档文件以获取详细步骤。
- 若无参数或操作无法识别,则显示下方的帮助表格。
- 若用户询问关于newapi的问题(如它是什么、如何使用某个命令,或任何API使用问题,如调用特定模型格式)——读取${CLAUDESKILLDIR}/docs/help.md并按照其中的说明操作。
操作
| 操作 | 描述 | 详情 |
|---|
| models | 列出可用模型 | docs/actions-query.md |
| groups |
列出用户分组 | docs/actions-query.md |
| balance | 显示账户余额 | docs/actions-query.md |
| tokens | 列出API令牌 | docs/actions-token.md |
| create-token | 创建新的API令牌 | docs/actions-token.md |
| switch-group | 更改令牌的分组 | docs/actions-token.md |
| copy-token | 将真实密钥复制到剪贴板(绝不显示) | docs/actions-token.md |
| apply-token | 将令牌密钥安全地应用到配置文件 | docs/actions-config.md |
| exec-token | 使用令牌密钥安全替换后执行命令 | docs/actions-exec.md |
| scan-config | 检查配置结构并尽力遮盖密钥 | docs/actions-config.md |
| help | 回答关于newapi的问题 | docs/help.md |
help(或无参数)——显示可用操作
| 操作 | 用法 | 描述 |
|---|
| models | /newapi models | 列出可用模型 |
| groups |
/newapi groups | 列出用户分组 |
| balance | /newapi balance | 显示账户余额 |
| tokens | /newapi tokens | 列出API令牌 |
| create-token | /newapi create-token <名称> [--group=xxx] | 创建新的API令牌 |
| switch-group | /newapi switch-group <令牌ID> <分组> | 更改令牌的分组 |
| copy-token | /newapi copy-token <令牌ID> | 将真实密钥复制到剪贴板(绝不显示) |
| apply-token | /newapi apply-token <令牌ID> <文件路径> | 将令牌密钥安全地应用到配置文件 |
| exec-token | /newapi exec-token <令牌ID> <命令...> | 使用令牌密钥安全替换后执行命令 |
| scan-config | /newapi scan-config <文件路径> | 检查配置结构并尽力遮盖密钥 |
| help | /newapi help <问题> | 回答关于newapi的问题 |
