← Back to Skills Marketplace
obcraft

Apiosk Publish

by obcraft · GitHub ↗ · v1.1.0
cross-platform ✓ Security Clean
690
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install apiosk-publish
Description
Publish and manage Apiosk gateway listings with signed wallet authentication, listing-group aware categorization, and update/delete operations.
README (SKILL.md)

apiosk-publish

Use this skill for API publishing and lifecycle management on https://gateway.apiosk.com.

When to use

  • You need to register a new paid API on Apiosk.
  • You need to update, list, or deactivate your published API.
  • You need to map an API to the latest listing groups (api, datasets, compute).
  • You need to send correctly signed wallet-auth headers for management endpoints.

Required tools and files

  • curl
  • jq
  • cast (Foundry)
  • Wallet:
    • ~/.apiosk/wallet.json (preferred, includes address + private_key)
    • or APIOSK_PRIVATE_KEY env var
    • or --private-key flag

Management endpoints

  • POST /v1/apis/register
  • GET /v1/apis/mine?wallet=0x...
  • POST /v1/apis/:slug
  • DELETE /v1/apis/:slug?wallet=0x...

Signed wallet auth

All management calls require:

  • x-wallet-address
  • x-wallet-signature
  • x-wallet-timestamp
  • x-wallet-nonce

Canonical message to sign:

Apiosk auth
action:\x3Caction>
wallet:\x3Clowercase_wallet>
resource:\x3Cresource>
timestamp:\x3Cunix_seconds>
nonce:\x3Cnonce>

Action/resource mapping:

  • register: action=register_api, resource=register:\x3Cslug>
  • update: action=update_api, resource=update:\x3Cslug>
  • mine: action=my_apis, resource=mine:\x3Cwallet>
  • delete: action=delete_api, resource=delete:\x3Cslug>

Listing groups and categories

Discovery groups in gateway:

  • api
  • datasets
  • compute

Register payload currently uses category (not explicit listing_type). Use this mapping:

  • api -> data
  • datasets -> dataset
  • compute -> compute

Register payload

POST /v1/apis/register:

{
  "name": "My API",
  "slug": "my-api",
  "endpoint_url": "https://example.com",
  "price_usd": 0.01,
  "description": "My paid API",
  "owner_wallet": "0x...",
  "category": "dataset"
}

Agent behavior requirements

  • Always sign management requests; unsigned calls should be treated as invalid.
  • Keep wallet value lowercased inside the signed message, even if header uses checksum case.
  • If Unauthorized, regenerate timestamp + nonce and re-sign once.
  • Validate HTTPS endpoint before register/update.
  • Use listing-group mapping above so new listings appear in the right discovery surfaces.
Usage Guidance
This skill appears to do what it says: sign and call Apiosk gateway endpoints. Before use, review and consider the following: - Private-key handling: avoid putting long-term/large-value private keys in APIOSK_PRIVATE_KEY or passing them on the command line. CLI args can be visible to other local users via process listings; prefer a securely permissioned ~/.apiosk/wallet.json with restricted file permissions or a signing workflow that uses a hardware wallet. - Verify the skill's origin: source/homepage are listed as unknown/none; the package metadata references a GitHub repo—if you plan to use it, fetch the repository from the official source and inspect it yourself rather than trusting a copy from an unknown origin. - Missing setup script: README mentions a setup-wallet.sh but it isn't included. Verify how you will create ~/.apiosk/wallet.json and ensure that script (if used) is trustworthy. - Run in a restricted environment: if you're unsure, run these scripts in an isolated machine/container and test with a wallet that holds minimal funds. - Confirm 'cast' is the expected local Foundry binary and not a malicious replacement on PATH. If you want higher assurance, request the canonical upstream repository or a signed release and/or have someone audit how private keys are loaded and invoked.
Capability Analysis
Type: OpenClaw Skill Name: apiosk-publish Version: 1.1.0 The OpenClaw AgentSkills skill bundle is classified as benign. All scripts (`auth-utils.sh`, `delete-api.sh`, `my-apis.sh`, `register-api.sh`, `test-api.sh`, `update-api.sh`) consistently interact with `https://gateway.apiosk.com` as documented. Private keys are handled securely by being loaded locally and used with the `cast` utility for signing, without being transmitted over the network. Input validation and argument parsing are implemented, and `curl` commands correctly quote URLs, preventing shell injection vulnerabilities. The `SKILL.md` and `README.md` provide clear instructions for the agent and user, with no evidence of prompt injection attempts or hidden malicious directives. The `clawhub.json` and `SECURITY.md` accurately reflect the skill's benign nature and limited access permissions.
Capability Assessment
Purpose & Capability
Name/description match the code and SKILL.md: all scripts call only https://gateway.apiosk.com and implement register/list/update/delete flows. Declared binaries (curl, jq, cast) and the wallet files are reasonable for the stated functionality. No unrelated services, credentials, or binaries are requested.
Instruction Scope
Runtime instructions and scripts stay within the publishing/management scope and only reference wallet files (~/.apiosk/*) and standard utilities. One minor mismatch: README references apiosk-skill/setup-wallet.sh creating ~/.apiosk/wallet.json, but that setup script is not included. Also, SKILL.md and scripts allow supplying the private key via APIOSK_PRIVATE_KEY or --private-key; the scripts then pass that key on the command-line to 'cast', which can expose it to local process listings.
Install Mechanism
No install spec; this is instruction-plus-shell-scripts only. Nothing is downloaded or written outside the repository except expected reads of ~/.apiosk/*. This is the lowest-risk install type.
Credentials
The skill reads wallet address/private_key from ~/.apiosk/wallet.json (or wallet.txt) and accepts APIOSK_PRIVATE_KEY and --private-key. Those are proportional to the task (signing management requests), but handling private keys is sensitive: passing a private key via environment variable or CLI arg may expose it to the environment or other local users/processes. The scripts do not transmit the raw private key to the remote gateway (they send only signatures), which is appropriate.
Persistence & Privilege
always is false and the skill does not modify system-wide configuration or other skills. It reads wallet files under ~/.apiosk/ and writes nothing outside the repo—no elevated persistence requested.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install apiosk-publish
  3. After installation, invoke the skill by name or use /apiosk-publish
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
signed wallet auth for register/update/mine/delete and listing-group mapping updates
v1.0.0
v1.0.0: Self-service API publishing for Apiosk. Register your API, set pricing, earn 90-95% revenue. Auto-approval with health checks.
Metadata
Slug apiosk-publish
Version 1.1.0
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Apiosk Publish?

Publish and manage Apiosk gateway listings with signed wallet authentication, listing-group aware categorization, and update/delete operations. It is an AI Agent Skill for Claude Code / OpenClaw, with 690 downloads so far.

How do I install Apiosk Publish?

Run "/install apiosk-publish" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Apiosk Publish free?

Yes, Apiosk Publish is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Apiosk Publish support?

Apiosk Publish is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Apiosk Publish?

It is built and maintained by obcraft (@obcraft); the current version is v1.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments