← Back to Skills Marketplace
api-test
by
2367961075
· GitHub ↗
· v1.0.3
· MIT-0
341
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install api-test
Description
API接口文档助手。用于编写REST API文档、定义接口规范、生成接口说明。当需要编写API文档、接口规范时触发。
README (SKILL.md)
\r \r
API接口文档\r
\r 版本:V1.0\r 更新日期:YYYY-MM-DD\r 维护人:XXX\r \r ---\r \r
接口概览\r
\r | 模块 | 接口数 | 负责人 |\r |------|--------|--------|\r | 用户模块 | 5 | @xxx |\r | 订单模块 | 8 | @xxx |\r | 支付模块 | 4 | @xxx |\r \r ---\r \r
通用说明\r
\r
认证方式
Usage Guidance
This skill's description promises an API documentation assistant, but the bundled Skill.py is a generic HTTP client able to call arbitrary URLs and send JSON. Before installing: 1) Ask the author why the skill needs to perform arbitrary HTTP requests and to document that behavior in SKILL.md. 2) Request that network behavior and required dependencies (requests) be declared. 3) If network calls are necessary (e.g., to fetch live examples), limit them to well-known endpoints and add allow-listing; otherwise remove or disable network capability. 4) If you proceed, run the skill in a sandboxed environment, disable autonomous invocation where possible, and review or audit the code to ensure it won't send sensitive data to external servers. If you cannot verify the intent and code, treat the skill as untrusted and do not install it in environments with sensitive data.
Capability Analysis
Type: OpenClaw Skill
Name: api-test
Version: 1.0.3
The skill bundle provides a generic HTTP client in 'Skill.py' that allows the agent to perform arbitrary GET and POST requests to any user-provided URL. This implementation lacks any domain whitelisting or input sanitization, creating a high risk for Server-Side Request Forgery (SSRF) attacks against internal or external resources. While the 'SKILL.md' describes the tool as an API documentation assistant, the underlying code is a broad network utility without safety constraints.
Capability Assessment
Purpose & Capability
The SKILL.md describes an API documentation assistant. The included Python file (Skill.py), however, implements a generic HTTP client that can call arbitrary URLs with GET/POST and send JSON payloads. Making arbitrary external requests is not necessary for producing static API docs and is not mentioned in the skill description or SKILL.md.
Instruction Scope
Runtime instructions (SKILL.md) only describe documenting APIs and do not instruct the agent to call external endpoints. The actual code will perform network calls when invoked. This is a scope mismatch: the instructions do not disclose the network I/O behavior present in the code.
Install Mechanism
There is no install spec (instruction-only plus a code file). The code imports the 'requests' library but the skill does not declare this dependency. Lack of declared dependencies may cause runtime failures or hide additional requirements, but there is no installer or external download URL—so installation risk is low.
Credentials
No environment variables or credentials are declared, yet the skill can perform arbitrary outbound HTTP requests and send data in requests. That capability could be used to exfiltrate data if the agent passes sensitive content to the skill. The network-capable behavior is not justified by the declared purpose.
Persistence & Privilege
always is false (default) and the skill may be invoked autonomously (platform default). Autonomous invocation combined with undeclared network-capable code raises the blast radius, but autonomy alone is not unusual. Consider restricting autonomous runs or requiring explicit user invocation until the code is verified.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install api-test - After installation, invoke the skill by name or use
/api-test - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
No code or content changes detected in this version.
- Version updated to 1.0.3 with no functional or documentation modifications.
- No impact on usage or behavior.
v1.0.2
- No changes detected in this version.
v1.0.1
- Version updated to 1.0.1 with no file changes detected.
- No new features, fixes, or documentation updates were introduced in this release.
v1.0.0
- Initial release of the API 数据获取 (API Data Fetch) skill.
- Supports HTTP/HTTPS requests to third-party APIs with GET and POST methods.
- Automatically parses JSON responses and returns standardized results.
- Allows configuration of URL, method, headers, query parameters, POST data, and timeout.
- Facilitates use cases such as data retrieval, API testing, and external data integration.
Metadata
Frequently Asked Questions
What is api-test?
API接口文档助手。用于编写REST API文档、定义接口规范、生成接口说明。当需要编写API文档、接口规范时触发。 It is an AI Agent Skill for Claude Code / OpenClaw, with 341 downloads so far.
How do I install api-test?
Run "/install api-test" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is api-test free?
Yes, api-test is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does api-test support?
api-test is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created api-test?
It is built and maintained by 2367961075 (@2367961075); the current version is v1.0.3.
More Skills