← Back to Skills Marketplace
leonardodpanda

REST API Tester

by LeonardoDpanda · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
622
Downloads
1
Stars
3
Active Installs
1
Versions
Install in OpenClaw
/install rest-api-tester
Description
Test REST APIs with customizable headers, authentication, and request bodies. Use when debugging API endpoints, testing authentication flows, validating resp...
Usage Guidance
This skill is essentially a set of code examples for testing APIs — it's coherent and doesn't ask for secrets itself, but be careful when using it: do not paste real production credentials into examples you run; run tests and the Flask listener in an isolated or disposable environment; be cautious when exposing local services with ngrok (it can expose local resources to the public); pin and review any pip packages you install (use a virtualenv and consider specifying versions); and review any URLs the skill will contact to avoid sending sensitive data to unintended endpoints.
Capability Analysis
Type: OpenClaw Skill Name: rest-api-tester Version: 1.0.0 The skill bundle is classified as suspicious due to its inherent capabilities for making arbitrary network requests and running a local web server, which, while legitimate for an API testing tool, present significant security risks. The `requests` library is used to perform GET/POST/PUT/DELETE/PATCH operations to any specified URL, potentially leading to Server-Side Request Forgery (SSRF) if the agent's input is not properly sanitized. Additionally, the `create_webhook_listener` function in `SKILL.md` uses Flask to create a local web server, which could expose a port on the agent's host, especially with the suggested `ngrok` usage. There is no evidence of intentional malicious behavior such as data exfiltration or backdoor installation, but the powerful network access capabilities make it a high-risk tool that could be abused.
Capability Assessment
Purpose & Capability
Name and description match the SKILL.md contents: example code shows GET/POST/PUT/DELETE, auth headers, performance checks, webhook listener, and an API test suite. The declared requirements (none) are appropriate for an instruction-only recipe.
Instruction Scope
Instructions tell the agent/user how to perform network calls to arbitrary endpoints, create a local Flask webhook listener, and suggest using ngrok to expose it. This is expected for an API tester, but these actions can transmit or receive sensitive data depending on what URLs or credentials the user provides — the skill itself does not access extra system files or environment variables.
Install Mechanism
There is no install spec; the SKILL.md suggests installing Python packages via pip (requests, flask). That is proportional to the examples shown and is a common, low-risk suggestion for a code snippet.
Credentials
The skill declares no environment variables, credentials, or config paths. Example code accepts tokens/credentials as parameters (which is appropriate). There are no unexplained requests for secrets or unrelated service keys.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skills or agent settings. Autonomous invocation is allowed by platform default but not flagged here because it is not combined with other red flags.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install rest-api-tester
  3. After installation, invoke the skill by name or use /rest-api-tester
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Slug rest-api-tester
Version 1.0.0
License
All-time Installs 3
Active Installs 3
Total Versions 1
Frequently Asked Questions

What is REST API Tester?

Test REST APIs with customizable headers, authentication, and request bodies. Use when debugging API endpoints, testing authentication flows, validating resp... It is an AI Agent Skill for Claude Code / OpenClaw, with 622 downloads so far.

How do I install REST API Tester?

Run "/install rest-api-tester" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is REST API Tester free?

Yes, REST API Tester is completely free (open-source). You can download, install and use it at no cost.

Which platforms does REST API Tester support?

REST API Tester is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created REST API Tester?

It is built and maintained by LeonardoDpanda (@leonardodpanda); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments