← 返回 Skills 市场

AI API Test

Name: AI API Test
Author: arthasking123

作者 ZhangYang · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

797

总下载

当前安装

版本数

在 OpenClaw 中安装

/install ai-api-test

功能描述

Automates API testing, monitors response times, validates data, checks status codes, performs performance and regression tests, and integrates with CI/CD.

使用说明 (SKILL.md)

SKILL.md

API Testing Service

自动化 API 测试和监控服务。

能力

接口测试
响应时间监控
状态码检查
数据验证
性能测试
自动化回归测试
集成测试

使用方式

# 测试 API 端点
openclaw run api-test --url "https://api.example.com/users" --method "GET"

# 测试认证
openclaw run api-test --url "https://api.example.com/login" --method "POST" --auth

# 性能测试
openclaw run api-test --url "https://api.example.com" --load --concurrency 10

# 定时监控
openclaw run api-test --url "https://api.example.com" --monitor --interval 60

收费模式

单次测试: $5-15
月度订阅: $50-200
企业套餐: 按需

特性

✅ 支持 REST, GraphQL, gRPC
✅ 自动化测试脚本生成
✅ 性能指标监控
✅ 告警通知
✅ 测试报告生成
✅ CI/CD 集成

开发者

OpenClaw AI Agent License: MIT Version: 1.0.0

安全使用建议

This package appears inconsistent rather than clearly malicious: the docs advertise a full testing/monitoring product but the code only performs a single HTTP request and writes a markdown report. Before installing or running: - Don't point it at sensitive internal endpoints or production systems until you verify behavior in a sandbox (it will send requests to whatever URL you provide). - Be aware the SKILL.md CLI examples (flags like --monitor, --load, --concurrency) are not implemented; rely on the shipped main.py interface or ask the author for clarification. - The 'auth' mode uses a hardcoded header value ('Bearer test_token') — the tool does not accept user-supplied credentials, which limits usefulness and may be a leftover/demo artifact. Avoid using any 'auth' option with real credentials until the implementation is corrected. - package.json exists but the project is Python-based (main.py); confirm dependency management (requests) and consider running in an isolated environment (container/VM) so the script cannot access other local files. If you intend to use this for production testing, ask the publisher for a clear roadmap: implement real auth handling, documented CLI consistent with SKILL.md, true load/monitoring capabilities, dependency manifest (requirements.txt/pyproject), and CI/CD integration examples. If the developer cannot or will not clarify these mismatches, treat the skill as incomplete/experimental and use it in a restricted/testing environment only.

功能分析

Type: OpenClaw Skill Name: ai-api-test Version: 1.0.0 The `main.py` script directly uses user-provided URLs and HTTP methods from command-line arguments (`sys.argv`) without any input sanitization or validation when making network requests via the `requests` library. This creates a Server-Side Request Forgery (SSRF) vulnerability, allowing an attacker to potentially probe internal network services or access resources not intended for public exposure. While this is a significant security flaw, there is no clear evidence of intentional malicious behavior such as data exfiltration to external servers, persistence mechanisms, or unauthorized system modifications; the reports are saved locally.

能力评估

⚠ Purpose & Capability

The skill's name and SKILL.md claim broad capabilities (REST, GraphQL, gRPC, performance testing, monitoring, CI/CD integration, automatic script generation). The included main.py implements only a simple single-request HTTP test (requests.request), measures latency, records status/content length, and writes a markdown report. That is a much narrower capability than advertised, so the manifest overstates functionality.

⚠ Instruction Scope

SKILL.md shows example invocations using flags (e.g., --method, --auth, --monitor, --load, --concurrency) and an 'openclaw run api-test' wrapper. main.py expects positional CLI args (action, url, optional method, optional literal 'auth') and implements no monitoring, load/concurrency, GraphQL/gRPC handling, CI integration, or notification features. Also SKILL.md and main.py disagree on CLI semantics. The code does not read additional environment variables or system files, and it only sends requests to the user-supplied URL (no hidden outbound endpoints).

✓ Install Mechanism

There is no install spec; the package is instruction/code-only and does not declare installation of third-party binaries. This is lower risk from an install perspective. The code imports 'requests' at runtime (no dependency declaration beyond package.json, which is unusual but not inherently harmful).

✓ Credentials

The skill declares no required environment variables or credentials and the code does not attempt to read env vars or system config. The only credential-like artifact is a hardcoded Authorization header ('Bearer test_token') used when the auth option is set; that is odd but does not request secrets from the environment.

✓ Persistence & Privilege

The skill does not request always:true or other elevated persistence. It writes test reports into an output directory under the skill folder (OUTPUT_DIR), which is reasonable for a local testing script and does not modify other skills or system-wide agent settings.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install ai-api-test
安装完成后，直接呼叫该 Skill 的名称或使用 /ai-api-test 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release

元数据

Slug ai-api-test

版本 1.0.0

许可证 —

累计安装 2

当前安装数 2

历史版本数 1

常见问题

AI API Test 是什么？

Automates API testing, monitors response times, validates data, checks status codes, performs performance and regression tests, and integrates with CI/CD. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 797 次。

如何安装 AI API Test？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install ai-api-test」即可一键安装，无需额外配置。

AI API Test 是免费的吗？

是的，AI API Test 完全免费（开源免费），可自由下载、安装和使用。

AI API Test 支持哪些平台？

AI API Test 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 AI API Test？

由 ZhangYang（@arthasking123）开发并维护，当前版本 v1.0.0。