← Back to Skills Marketplace
tommot2

Smart API Connector

by TommoT2 · GitHub ↗ · v3.0.0 · MIT-0
cross-platform ✓ Security Clean
234
Downloads
0
Stars
0
Active Installs
10
Versions
Install in OpenClaw
/install smart-api-connector
Description
Connect to any REST API using the agent's built-in web_fetch. Handles authentication headers, JSON payloads, error parsing, and retries. Use when: user wants...
README (SKILL.md)

Smart API Connector v3.0

Install: clawhub install smart-api-connector

REST API integration using built-in tools. No code, no curl, no dependencies.

Language

Detect from user's message language. Default: English.

Quick Start

User provides: API URL + what they want. Agent handles everything.

User: "Hent brukerinfo fra https://api.example.com/v1/users/123"

Agent runs: web_fetch https://api.example.com/v1/users/123 (with auth headers if provided)

Returns parsed response.

Authentication

API Key in Header

web_fetch url --headers '{"Authorization": "Bearer KEY", "X-API-Key": "KEY"}'

API Key via Environment Variable

exec: API_KEY="your_key" curl -s -H "Authorization: Bearer $API_KEY" "https://..."

Session-only Keys

API keys provided in conversation are used in-session only. Never persisted to files.

Error Handling

HTTP Status Action
200-299 Parse and return response
429 Rate limited — wait and retry (max 3 retries)
400 Bad request — show error, suggest fix
401/403 Auth failed — check key, permissions
404 Not found — verify URL
5xx Server error — retry once, then report

HTTP Methods

Method Use Case
GET Fetch data
POST Create data / send JSON body
PUT Update data
DELETE Remove data

For POST/PUT: prompt user for JSON body if not provided.

Response Parsing

Always extract and present the useful parts. For JSON APIs:

Response:
  Name: John
  Email: [email protected]
  Created: 2026-03-28

Raw: {first 200 chars if user wants detail}

Security

  • Keys are session-only — never written to files
  • Prefer environment variables over command-line args
  • Scoped/test keys over production secrets
  • Show user the exact request before executing (URL + method + headers, not the key value)

Quick Commands

User says Action
"query {url}" GET request
"POST to {url}" POST with body
"test API {url}" Request + show response
"API health check" GET and report status

Guidelines for Agent

  1. Use web_fetch first — built-in, no dependencies
  2. Fall back to exec/curl only if web_fetch can't handle the request
  3. Never persist API keys — session only
  4. Show request before executing — confirm with user for POST/PUT/DELETE
  5. Parse responses — extract useful data, don't dump raw JSON
  6. Handle errors gracefully — retry on 429, explain 401/403
  7. Match user language in responses

What This Skill Does NOT Do

  • Does NOT persist API keys or credentials
  • Does NOT require npm packages or external tools
  • Does NOT modify any local files
  • Does NOT make requests without user knowledge (for POST/PUT/DELETE)

More by TommoT2

  • workflow-builder-lite — Build and execute multi-step workflows
  • context-brief — Persistent context survival across sessions
  • setup-doctor — Diagnose and fix OpenClaw setup issues

Install the full suite:

clawhub install smart-api-connector workflow-builder-lite context-brief setup-doctor
Usage Guidance
This instruction-only skill mostly does what it says: use web_fetch to call APIs, show and parse responses, and handle retries. Before installing or using it: 1) ask the publisher to clarify why the README says 'No curl' but also shows a curl fallback; confirm whether the agent will actually run shell execs and under what conditions. 2) Avoid pasting production API keys into chat; prefer short-lived or scoped test keys. 3) If you must use an environment variable, set it in a secure environment rather than sending it in conversation; the curl example (inline env + curl) can expose keys to process listings on some systems. 4) Confirm how the platform enforces the 'never persist API keys' promise if that matters to you. Overall the skill looks coherent with its stated purpose, but validate the curl fallback and secret-handling behavior before trusting it with sensitive credentials.
Capability Assessment
Purpose & Capability
The name/description (connect to REST APIs, handle auth/JSON/retries) aligns with the SKILL.md content: it uses built-in web_fetch, supports auth headers, methods, error handling and response parsing as expected.
Instruction Scope
Instructions primarily use the agent's built-in web_fetch (appropriate). However the SKILL.md also instructs a fallback to exec/curl and shows an inline `exec: API_KEY="your_key" curl ...` example, which expands scope to running shell commands; this contradicts the earlier 'No curl, no dependencies' claim and grants the agent permission to run arbitrary shell execs when web_fetch 'can't handle' a request.
Install Mechanism
Instruction-only skill with no install spec and no files to write — minimal install risk.
Credentials
The doc references an API_KEY environment variable in examples, but the skill declares no required env vars. The env usage appears optional (user-supplied), which is reasonable, but the SKILL.md should have declared that API_KEY is an optional env var. Also the curl fallback pattern (inline env + curl) can expose secrets to process lists on some systems.
Persistence & Privilege
The skill is not always-enabled, does not request persistent presence, and explicitly claims not to persist keys or modify files. No installation-time privileges requested.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install smart-api-connector
  3. After installation, invoke the skill by name or use /smart-api-connector
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.0.0
Simplified from 220 to 60 lines. web_fetch first, curl fallback. Clean auth patterns, error handling, no hardcoded prices.
v2.1.0
Concrete safe key patterns: env vars (preferred), stdin/heredoc, netrc file, PowerShell SecureString. Explicit forbidden pattern (no inline keys in args). All examples updated.
v2.0.0
Security audit: honest API key retention disclosure, removed hard curl dependency (agent exec with automatic fallback), removed misleading session-only guarantee, clearer security section with recommendations for scoped keys
v1.6.0
Fixed documentation ambiguity: replaced shell-variable placeholders with plain-text placeholders in curl examples to match session-only credential policy.
v1.5.0
Security: removed all negative credential storage references (bashrc, zshrc, SetEnvironmentVariable). Removed memory/ file tracking. All connections are session-only.
v1.4.0
Security: removed persistent env var storage (was writing to ~/.bashrc and SetEnvironmentVariable). API keys are now session-only. Removed USER.md access. Updated description.
v1.3.0
Security: hardened credential handling language, added homepage/provenance.
v1.2.0
Security: replaced npx clawhub@latest with clawhub install.
v1.1.0
Added cross-promotion: recommends workflow-builder-lite, setup-doctor, tommo-skill-guard.
v1.0.0
Initial release: Connect to any REST API without code. Supports GET/POST/PUT/DELETE with auto-retry, rate limiting, error parsing, and structured response formatting. 5 auth methods, environment variable storage, saved connections tracker. Free: 3 APIs. Pro: unlimited + advanced features.
Metadata
Slug smart-api-connector
Version 3.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 10
Frequently Asked Questions

What is Smart API Connector?

Connect to any REST API using the agent's built-in web_fetch. Handles authentication headers, JSON payloads, error parsing, and retries. Use when: user wants... It is an AI Agent Skill for Claude Code / OpenClaw, with 234 downloads so far.

How do I install Smart API Connector?

Run "/install smart-api-connector" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Smart API Connector free?

Yes, Smart API Connector is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Smart API Connector support?

Smart API Connector is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Smart API Connector?

It is built and maintained by TommoT2 (@tommot2); the current version is v3.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments