Slingdata.io API Spec
by Fritz Larco · GitHub · v1.0.0
Downloads: 431
Stars: 1
Active Installs: 0
Versions: 1
Install in OpenClaw
/install sling-api-specs
Description
Build REST API specifications for Sling data extraction. Use when creating API specs, configuring authentication (OAuth, API key, Bearer token, HMAC), settin...
Usage Guidance
This bundle is documentation and examples for authoring Sling-style REST API extraction YAML specs — it contains no executables. It does, however, show how specs can consume secrets (secrets.*) and environment variables and how processors can write env.* and persisted sync state. Before using or running any spec created from these docs: (1) inspect specs for any endpoints or external URLs you don't trust, (2) avoid embedding real credentials directly in spec files, (3) only provide the minimal credentials required for a given source (don't reuse high-privilege AWS keys), and (4) treat specs from untrusted authors like code — they can cause the runtime to contact arbitrary external APIs and leak data if misconfigured. If you plan to allow an agent to invoke specs autonomously, restrict which specs it can run and which credentials it may access.
Capability Analysis
Type: OpenClaw Skill
Name: sling-api-specs
Version: 1.0.0
The skill bundle is documentation for defining API specifications, which is a benign purpose. However, it describes a system with several high-risk capabilities that, if exposed to untrusted input, could lead to significant vulnerabilities. Specifically, the `SKILL.md` mentions parsing local files via `file_path`, `ENDPOINTS.md` shows the ability to execute database queries via `hooks` with `type: query`, and `PROCESSORS.md` indicates the ability to set environment variables via `output: "env.VAR"`. While these are presented as legitimate features for data integration, they represent potential Local File Inclusion, SQL Injection, and environment variable manipulation vulnerabilities if the OpenClaw agent's execution environment does not strictly sanitize inputs or restrict these powerful actions. There is no evidence of intentional malicious behavior within the skill bundle itself, but the documented capabilities are sufficiently risky to warrant a 'suspicious' classification.
Capability Assessment
Purpose & Capability
Name/description claim to build API specs; the files and examples are entirely about authentication types, pagination, response processing, queues, incremental sync, and dynamic endpoints — all coherent with an API-spec builder. The skill does not request unrelated binaries or credentials in its registry metadata.
Instruction Scope
SKILL.md and the included docs instruct how to author specs and show example runtime actions (parse/test). The docs reference secrets.* and env.* placeholders and include examples that set environment variables (e.g., env.LAST_UPDATE, OVERRIDE_START_DATE). That behavior is expected for a spec authoring tool, but you should understand that specs created from this guidance can read and require credential values and may write to environment/state at runtime — review any spec before executing it.
Install Mechanism
No install spec and no code files to execute — this is instruction-only. No remote downloads or package installs are present in the bundle.
Credentials
The documentation documents many auth types (OAuth2, AWS sigv4, HMAC, API keys, basic, device flow) and uses placeholders like {secrets.*} and {env.*}. The skill package itself does not request credentials, which is appropriate for a generic spec library, but users will need to supply relevant credentials when running generated specs. Be cautious about which secrets you provide to any runtime that executes specs built from these documents.
Persistence & Privilege
The skill is not always-installed and does not declare elevated privileges. It does not modify other skills or system-wide agent configuration. The documentation describes persisting sync state as part of normal replication workflows — expected for this domain.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install sling-api-specs
- After installation, invoke the skill by name or use /sling-api-specs
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the sling-api-specs skill.
- Provides tools and documentation to build REST API specifications for Sling data extraction.
- Supports multiple authentication methods, complex pagination, response processing, rate limiting, and endpoint chaining.
- Includes YAML spec structure examples and operations for parsing and testing API specs.
- Offers detailed topic-based reference guides for authentication, request/response handling, pagination, variable scopes, and more.
Frequently Asked Questions
What is Slingdata.io API Spec?
Build REST API specifications for Sling data extraction. Use when creating API specs, configuring authentication (OAuth, API key, Bearer token, HMAC), settin... It is an AI Agent Skill for Claude Code / OpenClaw, with 431 downloads so far.
How do I install Slingdata.io API Spec?
Run "/install sling-api-specs" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Slingdata.io API Spec free?
Yes, Slingdata.io API Spec is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Slingdata.io API Spec support?
Slingdata.io API Spec is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Slingdata.io API Spec?
It is built and maintained by Fritz Larco (@flarco); the current version is v1.0.0.