← Back to Skills Marketplace
Secure Api Starter
by
Sunshine-del-ux
· GitHub ↗
· v1.0.0
294
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install secure-api-starter
Description
Provides a production-ready API template with JWT, API key, OAuth2 authentication, role-based access control, rate limiting, input validation, logging, and e...
Usage Guidance
Do not run any shell scripts referenced by this SKILL.md unless you can inspect them first. The skill promises many features but includes no code, no repo link, and no credential guidance (OAuth requires client IDs/secrets). Before installing or using: (1) ask the publisher for the source repository or a packaged archive; (2) review any create-api.sh and other scripts for arbitrary commands; (3) verify how secrets (JWT keys, OAuth client secrets) are handled — they should never be requested by an unrelated agent; (4) prefer skills that include source or link to a trusted release (e.g., GitHub repo or npm package) and provide explicit install steps. Because of the missing files and vague instructions, treat this skill as incomplete/untrusted until you can review its code.
Capability Analysis
Type: OpenClaw Skill
Name: secure-api-starter
Version: 1.0.0
The skill bundle contains only metadata and documentation for a secure API starter template. No executable code or scripts (such as the referenced 'create-api.sh') are included in the provided files, and the instructions in SKILL.md lack any evidence of prompt injection, malicious intent, or data exfiltration.
Capability Assessment
Purpose & Capability
The skill claims a production-ready API with JWT, API keys, OAuth2, RBAC, rate limiting, etc., but there are no code files, no repository/homepage, and no install spec. The SKILL.md expects ./create-api.sh and Node.js/TypeScript to be present, yet those scripts and project contents are not included — this is inconsistent with the stated purpose.
Instruction Scope
Instructions tell the agent (or user) to run ./create-api.sh with various flags. Because the script is not bundled or linked, the instructions are vague and leave room for arbitrary shell execution if a similarly named script exists locally. The SKILL.md also references OAuth2 providers (Google, GitHub) which normally require client IDs/secrets, but no guidance is given for obtaining or supplying those credentials.
Install Mechanism
There is no install specification (instruction-only), which minimizes automatic disk writes. That said, an instruction-only skill that tells the user or agent to run a local shell script without providing it is suspicious: it either expects local assets that don't exist or assumes the agent will create/obtain them — both are risky in practice.
Credentials
The skill declares no required environment variables or credentials, yet its stated features (OAuth2, API keys, JWT secrets) normally require secrets/config. The absence of any declared env vars or guidance for credential handling is disproportionate to the claimed functionality and suggests missing or incomplete implementation details.
Persistence & Privilege
The skill does not request persistent privileges (always: false) and does not declare any system-level config paths. It does allow normal autonomous invocation (default), which is expected; this alone is not flagged.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install secure-api-starter - After installation, invoke the skill by name or use
/secure-api-starter - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of Secure API Starter.
- Production-ready template for secure API development
- Supports JWT, API keys, OAuth2, and session-based authentication
- Includes role-based access control and per-user/IP rate limiting
- Features input/schema validation, comprehensive logging, and structured error handling
- Quick-start scripts and clear Node.js 18+ & TypeScript requirements
Metadata
Frequently Asked Questions
What is Secure Api Starter?
Provides a production-ready API template with JWT, API key, OAuth2 authentication, role-based access control, rate limiting, input validation, logging, and e... It is an AI Agent Skill for Claude Code / OpenClaw, with 294 downloads so far.
How do I install Secure Api Starter?
Run "/install secure-api-starter" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Secure Api Starter free?
Yes, Secure Api Starter is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Secure Api Starter support?
Secure Api Starter is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Secure Api Starter?
It is built and maintained by Sunshine-del-ux (@sunshine-del-ux); the current version is v1.0.0.
More Skills