← Back to Skills Marketplace
103
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install apify-keys
Description
Rotating Apify API key manager. Returns the least-recently-used active Apify key from the ColdCore database. Use before any Apify API call to get a fresh key...
README (SKILL.md)
Apify Key Rotator
Get a rotating Apify API key from the ColdCore database. Keys are rotated by least-recently-used with balance checking.
Usage
Get next available API key:
python3 ~/.openclaw/workspace/skills/apify-keys/scripts/get_key.py
Get key as JSON (for piping to other scripts):
python3 ~/.openclaw/workspace/skills/apify-keys/scripts/get_key.py --json
Check balance on a specific key:
python3 ~/.openclaw/workspace/skills/apify-keys/scripts/get_key.py --check-balance --key "apify_api_xxxxx"
List all available keys with balances:
python3 ~/.openclaw/workspace/skills/apify-keys/scripts/get_key.py --list
How It Works
- Connects to ColdCore MySQL database
- Queries
scrape_sm_accountsfor active Apify accounts - Returns the account with the oldest
last_usedtimestamp (least recently used) - Updates
last_usedto current timestamp after selection - Skips accounts with zero balance
Environment Variables
The script reads database credentials from these environment variables (falls back to defaults):
COLDCORE_HOST— MySQL hostCOLDCORE_USER— MySQL usernameCOLDCORE_PASS— MySQL passwordCOLDCORE_DB— Database name (default:lead_generator)
Output
Default mode: prints just the API key string (for easy piping)
apify_api_xxxxx
JSON mode (--json):
{"id": 68, "api_key": "apify_api_xxxxx", "email": "[email protected]", "balance": 4.95}
Integration with Other Skills
Other skills that need Apify access should call this script to get a key:
APIFY_KEY=$(python3 ~/.openclaw/workspace/skills/apify-keys/scripts/get_key.py)
# Then use $APIFY_KEY in your API calls
Or in Python:
import subprocess
result = subprocess.run(
["python3", os.path.expanduser("~/.openclaw/workspace/skills/apify-keys/scripts/get_key.py"), "--json"],
capture_output=True, text=True
)
key_data = json.loads(result.stdout)
api_key = key_data["api_key"]
Usage Guidance
This skill implements an Apify key rotator that reads/writes a remote ColdCore MySQL database and returns API keys (sensitive secrets). Before installing or using it, consider the following:
- The code contains default, hard-coded DB credentials and a specific IP address. Treat this as a red flag: verify the host and credentials are intended for your environment. Do not rely on the embedded defaults.
- The registry metadata does not declare the COLDCORE_* environment variables the script uses; if you install, supply your own COLDCORE_HOST/COLDCORE_USER/COLDCORE_PASS/COLDCORE_DB via environment variables to avoid using defaults.
- The script will auto-install Python packages at runtime (pip). If you have policies against on-the-fly package installation, avoid using this skill or inspect/approve the packages first.
- The skill will update the database (it writes last_used timestamps). Ensure you trust the remote DB and understand that invocations will modify its data.
- Because the skill returns API keys, limit its use and who/what can invoke it. Prefer running this code in a trusted environment, replace hard-coded defaults with secure config or secrets, and review network access to the DB host.
If you cannot confirm the legitimacy of the embedded host/credentials, do not install or run this skill. At minimum, request an updated version that removes hard-coded secrets, documents required env vars in registry metadata, and provides an explicit install/permission model for dependencies.
Capability Assessment
Purpose & Capability
Name/description match the code: the script selects, updates, and returns Apify API keys from a ColdCore MySQL DB. However, the registry metadata declares no required environment variables or credentials while the SKILL.md and code expect COLDCORE_* env vars — and the script embeds a default DB host, username, and password (IP 208.87.131.78 / avnadmin / lRHS2T8XagsA5z4u3ZYd). That embedded credential and absent metadata are disproportionate or at least undocumented.
Instruction Scope
SKILL.md instructs calling the included script; the script connects to a remote MySQL DB, SELECTs and UPDATEs rows in scrape_sm_accounts, and may call api.apify.com to check balances. Those actions are consistent with the stated purpose, but the use of a hardcoded default DB host/creds and the fact the script will auto-install Python packages at runtime expands scope and privileges beyond what the registry metadata documents.
Install Mechanism
There is no formal install spec, but the script attempts to install dependencies at runtime (pip install mysql-connector-python and requests) using subprocess.check_call and --break-system-packages. Runtime, implicit package installation can modify the environment and is higher risk than an instruction-only skill that doesn't write to disk or install packages.
Credentials
SKILL.md documents COLDCORE_HOST/USER/PASS/DB env vars, but the skill registry lists no required envs or primary credential. The code provides default, hard-coded DB credentials — sensitive information — which is not justified in the registry metadata. The skill will return sensitive Apify API keys sourced from that DB; this behavior is expected for a key-rotator but increases the sensitivity of the missing/embedded credential handling.
Persistence & Privilege
The skill is not always-enabled and does not request elevated agent privileges. It does modify remote state (updates last_used in the ColdCore DB) which is expected for an LRU rotator, but it does not alter other skills or system-wide agent configuration.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install apify-keys - After installation, invoke the skill by name or use
/apify-keys - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of apify-keys skill.
- Provides a rotating Apify API key manager using least-recently-used logic with balance verification.
- Retrieves and updates key usage from the ColdCore MySQL database.
- Offers CLI usage for getting keys, JSON output, checking balances, and listing all available keys.
- Uses environment variables for database configuration with sensible defaults.
- Designed to be easily integrated with other scripts and skills.
Metadata
Frequently Asked Questions
What is Apify Keys?
Rotating Apify API key manager. Returns the least-recently-used active Apify key from the ColdCore database. Use before any Apify API call to get a fresh key... It is an AI Agent Skill for Claude Code / OpenClaw, with 103 downloads so far.
How do I install Apify Keys?
Run "/install apify-keys" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Apify Keys free?
Yes, Apify Keys is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Apify Keys support?
Apify Keys is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Apify Keys?
It is built and maintained by aces1up (@aces1up); the current version is v1.0.0.
More Skills