← Back to Skills Marketplace
720
Downloads
1
Stars
6
Active Installs
1
Versions
Install in OpenClaw
/install magic-api-generate
Description
magic-api 国产接口快速开发框架。通过 Web UI 编写脚本自动映射为 HTTP 接口,无需 Controller/Service/Dao。当用户提到 magic-api、接口快速开发、低代码接口、动态接口生成、magic-script 时触发此技能。适用于 Spring Boot 集成、数据库操作、脚...
README (SKILL.md)
magic-api 技能
magic-api 是基于 Java 的接口快速开发框架,通过 Web UI 编写脚本自动生成 HTTP 接口,无需定义 Controller、Service、Dao、Mapper、XML、VO 等 Java 对象。
快速开始
Maven 依赖
\x3Cdependency>
\x3CgroupId>org.ssssssss\x3C/groupId>
\x3CartifactId>magic-api-spring-boot-starter\x3C/artifactId>
\x3Cversion>2.2.2\x3C/version>
\x3C/dependency>
application.yml 配置
server:
port: 9999
magic-api:
web: /magic/web # Web UI 入口
resource:
location: /data/magic-api # 脚本存储位置(可改为 classpath: 只读模式)
访问 Web UI
http://localhost:9999/magic/web
核心概念
内置对象
| 对象 | 说明 | 示例 |
|---|---|---|
request |
HTTP 请求参数 | request.name |
path |
URL 路径参数 | path.id |
body |
请求体 JSON | body.name |
db |
数据库操作 | db.select() |
log |
日志输出 | log.info() |
cache |
缓存操作 | cache.set() |
response |
HTTP 响应 | response.setHeader() |
脚本语法
magic-api 使用 magic-script 脚本语言,语法类似 JavaScript:
// 变量定义
var name = request.name;
var id = path.id;
// 条件判断
if (name) {
log.info("用户名: " + name);
}
// 返回结果
return {code: 200, data: list};
数据库操作
查询
// 查询列表
var list = db.select("select * from user");
// 带参数查询
var list = db.select("select * from user where status = ?", 1);
// 查询单条
var user = db.selectOne("select * from user where id = ?", id);
// 查询单值
var count = db.selectValue("select count(*) from user");
// 分页查询
var page = db.page("select * from user", 1, 10);
// 返回: {list: [...], total: 100, pageSize: 10, pageNumber: 1}
增删改
// 插入(返回影响行数)
var affected = db.insert("user", {name: "张三", age: 25});
// 插入并返回自增ID
var id = db.insert("user", {name: "张三"}, true);
// 更新
var affected = db.update("user", {name: "李四"}, "id = ?", 1);
// 删除
var affected = db.delete("user", "id = ?", 1);
事务
db.transaction(() => {
var orderId = db.insert("orders", order, true);
db.update("product", {stock: stock - 1}, "id = ?", productId);
});
HTTP 接口配置
请求方法映射
| 方法 | 用途 | 示例路径 |
|---|---|---|
| GET | 查询 | /api/user/:id |
| POST | 新增 | /api/user |
| PUT | 更新 | /api/user/:id |
| DELETE | 删除 | /api/user/:id |
参数获取
// URL 路径参数: /api/user/:id
var id = path.id;
// Query 参数: /api/user?name=xxx
var name = request.name;
// 请求体 JSON
var body = request.body;
var username = body.username;
// 请求头
var token = request.header("Authorization");
常用模式
RESTful CRUD
// GET /api/user/:id - 查询单个
var user = db.selectOne("select * from user where id = ?", path.id);
return user ? {code: 200, data: user} : {code: 404, msg: "用户不存在"};
// GET /api/user - 查询列表
return {code: 200, data: db.select("select * from user")};
// POST /api/user - 新增
var id = db.insert("user", body, true);
return {code: 200, data: {id: id}, msg: "创建成功"};
// PUT /api/user/:id - 更新
db.update("user", body, "id = ?", path.id);
return {code: 200, msg: "更新成功"};
// DELETE /api/user/:id - 删除
db.delete("user", "id = ?", path.id);
return {code: 200, msg: "删除成功"};
条件查询
var sql = "select * from user where 1=1";
var params = [];
if (request.name) {
sql += " and name like ?";
params.push("%" + request.name + "%");
}
if (request.status) {
sql += " and status = ?";
params.push(request.status);
}
return db.select(sql, ...params);
登录认证
// 登录
var user = db.selectOne("select * from user where username = ?", body.username);
if (!user || user.password != body.password) {
return {code: 401, msg: "用户名或密码错误"};
}
var token = "token_" + user.id + "_" + Date.now();
cache.set("token:" + token, user.id, 86400);
return {code: 200, data: {token: token, user: user}};
// 认证拦截(放在需要登录的接口开头)
var token = request.header("Authorization");
var userId = cache.get("token:" + token);
if (!userId) return {code: 401, msg: "请先登录"};
高级功能
详见参考文档:
注意事项
- 安全性 - 生产环境关闭 Web UI 或限制 IP 访问
- 版本控制 - 脚本目录建议 Git 管理
- 密码加密 - 使用 MD5/BCrypt,不要明文存储
- SQL 注入 - 使用参数化查询
?占位符 - 性能 - 复杂逻辑拆分多个接口,避免单脚本过长
官方资源
- 文档:https://www.ssssssss.org/magic-api/
- GitHub:https://github.com/ssssssss-team/magic-api
- Gitee:https://gitee.com/ssssssss-team/magic-api
- 在线演示:https://magic-api.ssssssss.org.cn
Usage Guidance
This skill is documentation/instructions for the magic-api framework and appears coherent with that purpose. Before using it in a real project: (1) Restrict or disable the framework's Web UI in production (the docs even advise this). (2) Review and audit any scripts you store or accept from others — the scripting API can run Java code, access files, databases, and outbound HTTP which could be abused to leak data or modify your system. (3) Use secure practices the docs mention but sometimes show insecure defaults—do not use MD5 for passwords (use bcrypt/Argon2), validate and sanitize file uploads and inputs, and use parameterized queries. (4) Protect database credentials and cache/backing stores used by magic-api. If you plan to allow others to author scripts, run them in a restricted/sandboxed environment and perform code review before enabling endpoints.
Capability Analysis
Type: OpenClaw Skill
Name: magic-api-generate
Version: 1.0.0
The skill bundle provides comprehensive documentation and code examples for the 'magic-api' Java framework. It includes instructions for database operations, RESTful API development, and common business scenarios like authentication and file uploads, while explicitly promoting security best practices such as parameterized SQL queries to prevent injection.
Capability Assessment
Purpose & Capability
Name and description describe a low-code/dynamic HTTP interface generator for Java/Spring; the SKILL.md and reference files provide examples, configuration, and scripts that match that purpose. Nothing in the package asks for unrelated credentials, binaries, or system paths that don't belong to such a framework.
Instruction Scope
The instructions and examples legitimately include database access, file upload/save to disk, HTTP outbound calls, cache usage, and importing Java classes (e.g., java.security.MessageDigest, cn.hutool.http.HttpUtil). These are expected for a script-driven framework but mean scripts can perform arbitrary local I/O, DB modifications, and network calls. The SKILL.md does not instruct the agent to read unrelated system files or exfiltrate secrets, but the framework's script APIs provide the ability to do so if misused—recommend reviewing any scripts before enabling and restricting the Web UI.
Install Mechanism
Instruction-only skill with no install spec and no code files to execute during install. This minimizes installer risk; nothing is downloaded or written by an install step.
Credentials
The skill declares no required environment variables, credentials, or config paths. Example content references typical application configuration (spring.datasource in application.yml) which is expected for a framework that interacts with databases; no unrelated secrets are being requested by the skill itself.
Persistence & Privilege
always is false and the skill is user-invocable/autonomously callable by default (normal). The skill does not request persistent installation or modification of other skills or global agent settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install magic-api-generate - After installation, invoke the skill by name or use
/magic-api-generate - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of magic-api-generate skill.
- Introduces magic-api, a Java-based low-code interface development framework.
- Provides setup instructions: Maven dependency, application.yml config, and Web UI access.
- Documents built-in objects, scripting syntax (magic-script), and HTTP/database operations.
- Includes practical usage patterns: CRUD, conditional query, and authentication examples.
- Highlights security, version control, and best practices.
- Links to official documentation and community resources.
Metadata
Frequently Asked Questions
What is magic-api-generate?
magic-api 国产接口快速开发框架。通过 Web UI 编写脚本自动映射为 HTTP 接口,无需 Controller/Service/Dao。当用户提到 magic-api、接口快速开发、低代码接口、动态接口生成、magic-script 时触发此技能。适用于 Spring Boot 集成、数据库操作、脚... It is an AI Agent Skill for Claude Code / OpenClaw, with 720 downloads so far.
How do I install magic-api-generate?
Run "/install magic-api-generate" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is magic-api-generate free?
Yes, magic-api-generate is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does magic-api-generate support?
magic-api-generate is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created magic-api-generate?
It is built and maintained by Andy (@webx32); the current version is v1.0.0.
More Skills