← Back to Skills Marketplace
yuriskills

A transparent proxy for the Facebook Graph API. Replace the domain, pass your Yuri API token, and call any Facebook endpoint — no Facebook access token needed on the client side.

by yuriskills · GitHub ↗ · v1.0.10 · MIT-0
cross-platform ⚠ suspicious
315
Downloads
0
Stars
0
Active Installs
11
Versions
Install in OpenClaw
/install yuri-graph-gateway
Description
Yuri Graph Gateway — Facebook Graph API Proxy Service Usage Guide
Usage Guidance
This skill behaves as a simple Graph API proxy and only needs one token (YURI_TOKEN), which is reasonable — but do not hand over production Facebook credentials until you verify the provider. Steps to reduce risk before installing: 1) Ask the publisher to fix and re-publish consistent metadata (registry fields should list YURI_TOKEN as required and version should match). 2) Request audited/open-source gateway code or third-party security review and a clear privacy policy about how Facebook tokens and request data are stored and for how long. 3) Use a least-privilege, short-lived, test Facebook account/token when first trying the gateway. 4) Prefer server-side usage where possible (avoid embedding tokens in client-side code or URLs), and rotate tokens after testing. 5) If you need stronger assurance, host your own proxy or use a well-known, audited gateway provider. If the provider supplies verifiable docs and corrected metadata, re-evaluate — this assessment may shift toward benign.
Capability Analysis
Type: OpenClaw Skill Name: yuri-graph-gateway Version: 1.0.10 The skill bundle provides instructions to redirect Facebook Graph API traffic and credentials to a third-party proxy service at facebook-graph.baiz.ai. The SKILL.md file contains unusual meta-commentary that appears specifically designed to influence a security review by justifying its own architecture and metadata compliance. While the bundle lacks executable code and includes standard security warnings, the inherent risk of a third-party intermediary for sensitive API access, combined with the persuasive 'self-audit' tone in the documentation, is a significant red flag.
Capability Assessment
Purpose & Capability
The SKILL.md and included _meta.json declare a single sensitive credential (YURI_TOKEN) which matches the described proxy purpose. However the registry summary at the top of the submission claims no required env vars / no primary credential, which contradicts the skill files. There is also a version mismatch (registry shows 1.0.10, _meta.json is 1.0.8). This metadata incoherence could be accidental but makes it harder to verify the provider and trust the package.
Instruction Scope
The runtime instructions are limited to proxy usage: sign up at baiz.ai, obtain a Yuri token, and replace graph.facebook.com with facebook-graph.baiz.ai and use YURI_TOKEN as access_token. The guidance explicitly warns about token-in-URL risks and recommends least-privilege test tokens. The instructions do not ask the agent to read local files or access unrelated environment variables.
Install Mechanism
This is instruction-only with no install spec and no code files. That is lowest install risk (nothing is written to disk by the skill itself).
Credentials
The skill declares one sensitive credential (YURI_TOKEN), which is proportionate for a proxy service. However the top-level registry metadata contradicted that by listing no required env vars/primary credential. Also, a proxy necessarily implies that the provider will manage/hold Facebook access tokens (if you link an account or request access), which is a high-privilege operation outside the agent — the SKILL.md does warn about this and tells users not to hand over production credentials until the provider is verified.
Persistence & Privilege
No 'always:true' flag, the skill is user-invocable and can be invoked autonomously (platform default). There is no install script, no code that modifies other skills or system settings. No excessive persistence requested by the skill itself.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install yuri-graph-gateway
  3. After installation, invoke the skill by name or use /yuri-graph-gateway
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.10
**No functional or code changes; SKILL.md documentation expanded.** - Clarified that the proxy behavior strictly matches the stated purpose—domain and token swap, no feature creep. - Added a new section explaining why a single credential is appropriate and reinforced metadata alignment. - Emphasized that the documentation is instruction-only, reiterating security advice for token handling. - No updates to runtime logic or interface; this is a documentation/narrative improvement only.
v1.0.9
v1.0.9 – Maintenance release - No changes detected in files or documentation. - Version bump only; no new features or fixes.
v1.0.8
yuri-graph-gateway 1.0.8 - Cleaned up documentation by removing registry/metadata mismatch warnings. - Moved to a concise credentials explanation, focused solely on the Yuri API token. - Clarified best practices and cautions about credential safety and provider verification. - Simplified "Before You Start" guidance and security notes for easier reading. - No code or functional changes—this was a documentation and guidance update only.
v1.0.7
**Changelog for yuri-graph-gateway 1.0.7** - Added a new warning section about credential and registry metadata mismatches, highlighting that the registry does not declare the required YURI_TOKEN as shown in SKILL.md and _meta.json. - Emphasized the need to clarify and resolve discrepancies between registry metadata and the skill bundle before use. - Improved step-by-step instructions and warnings regarding provider verification, safe credential handling, and recommended best practices. - Clarified token requirements and usage with enhanced tables and callouts in both English and Chinese. - Added prominent guidance to seek verifiable provider details and to avoid the use of production credentials until all trust issues are resolved.
v1.0.6
Version 1.0.6 - Updated the "Before You Start" section to emphasize that the skill is potentially risky until provider and metadata are verified. - Reworded risk warnings to advise explicit verification of provider legitimacy, with more focus on requiring server-side details and privacy policies. - Clarified the importance of not using production credentials and improved guidance on token handling and secure storage. - Enhanced instructions about not passing tokens in URLs, recommending Authorization headers or request bodies if supported. - Added explicit recommendation to prefer direct Facebook API access or self-hosted proxies if verification is not possible. - Improved bilingual (English/Chinese) safety and usage instructions throughout for clarity.
v1.0.5
## Yuri Graph Gateway v1.0.5 Changelog - SKILL.md significantly reorganized for clarity, with improved warnings and step-by-step instructions. - Risks and recommendations (privacy, provider verification, credential handling) are now presented in a checklist/table for easier review. - Usage examples, quick start, and feature tables reformatted for better readability. - Security guidance on token handling, logging, and traffic privacy further clarified; practical advice now highlighted. - No code or functional changes—documentation only.
v1.0.4
v1.0.4 - Added security and risk clarifications to the "Before You Start" section, including explicit warnings about third-party trust, token handling, and potential proxy visibility. - Emphasized the need to verify provider claims and not assume registry metadata is authoritative for environment requirements. - Updated guidance on avoiding URL-based token transmission and reinforced the importance of using sandbox/test accounts first. - No functional or code changes—documentation improvements only.
v1.0.3
**Added security and usage guidance for all users** - Introduced a new "Before You Start / 使用前须知" section with important warnings on trust, credential handling, and query parameter risks. - Strengthened advice throughout regarding token sensitivity, recommending short-lived tokens, secret storage, and frequent rotation. - Provided guidance on token exposure via URL query parameters and recommended using the request body instead for POST/PUT requests. - Emphasized the need for initial testing with low-privilege accounts and direct verification of provider claims about data logging. - No other core functionality changed.
v1.0.2
Version 1.0.2 - Switched from `BAIZ_API_TOKEN` (header-based) to `YURI_TOKEN` (token passed as `access_token` param, format `yuri_sk_XXXXX`) - Updated all usage, quick start, and security docs to reflect the new token method (no special headers needed) - Clarified credential setup in environment variables section - Adjusted example API requests to demonstrate new token usage - Added two new files: `.claude/settings.local.json` and `_meta.json`
v1.0.1
Version 1.0.1 - Improved SKILL.md documentation: added details on token lifecycle, rotation, and per-team scoping. - Clarified Facebook token security: explained short-lived vs. long-lived tokens, encryption methods (AES-256), and team isolation. - Updated logging and retention policy: made clear that only request metadata is logged; request/response bodies are not persisted. - Added audit log section: documented logging of token and Facebook account management events. - Enhanced best practices: added explicit guidance on not transmitting PII and verifying gateway TLS certificates. - Added clearer contact/support instructions with dashboard references.
v1.0.0
Yuri Graph Gateway initial release. - Provides a transparent proxy for the Facebook Graph API, removing the need for clients to manage Facebook access tokens. - Allows calling any Facebook Graph API endpoint by replacing the domain and using a BAIZ_API_TOKEN. - Supports all HTTP methods, Graph API versions/endpoints, file uploads, and various request bodies. - Handles secure server-side storage and injection of Facebook access tokens. - Includes detailed guidance on setup, API usage, token management, security, and privacy best practices.
Metadata
Slug yuri-graph-gateway
Version 1.0.10
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 11
Frequently Asked Questions

What is A transparent proxy for the Facebook Graph API. Replace the domain, pass your Yuri API token, and call any Facebook endpoint — no Facebook access token needed on the client side.?

Yuri Graph Gateway — Facebook Graph API Proxy Service Usage Guide. It is an AI Agent Skill for Claude Code / OpenClaw, with 315 downloads so far.

How do I install A transparent proxy for the Facebook Graph API. Replace the domain, pass your Yuri API token, and call any Facebook endpoint — no Facebook access token needed on the client side.?

Run "/install yuri-graph-gateway" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is A transparent proxy for the Facebook Graph API. Replace the domain, pass your Yuri API token, and call any Facebook endpoint — no Facebook access token needed on the client side. free?

Yes, A transparent proxy for the Facebook Graph API. Replace the domain, pass your Yuri API token, and call any Facebook endpoint — no Facebook access token needed on the client side. is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does A transparent proxy for the Facebook Graph API. Replace the domain, pass your Yuri API token, and call any Facebook endpoint — no Facebook access token needed on the client side. support?

A transparent proxy for the Facebook Graph API. Replace the domain, pass your Yuri API token, and call any Facebook endpoint — no Facebook access token needed on the client side. is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created A transparent proxy for the Facebook Graph API. Replace the domain, pass your Yuri API token, and call any Facebook endpoint — no Facebook access token needed on the client side.?

It is built and maintained by yuriskills (@yuriskills); the current version is v1.0.10.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 Comments