← 返回 Skills 市场
Api Gateway
作者
Miguel Guerra
· GitHub ↗
· v1.0.0
955
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install api-gateway-zito
功能描述
Gateway universal para APIs. Conecta cualquier API REST/GraphQL con configuración simple. Gestiona autenticación, rate limiting y caching.
使用说明 (SKILL.md)
API Gateway Universal
Conecta el bot a cualquier API externa con configuración mínima. Un solo lugar para gestionar todas tus integraciones.
Concepto
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ Bot │ ──► │ API │ ──► │ APIs │
│ (Comando) │ │ Gateway │ │ Externas │
└─────────────┘ └─────────────┘ └─────────────┘
│
┌──────┴──────┐
│ • Auth │
│ • Cache │
│ • Rate Limit│
│ • Retry │
└─────────────┘
Comandos
Configurar APIs
# Agregar nueva API
api add weather
--base:https://api.openweathermap.org/data/2.5
--auth:query:appid:$WEATHER_API_KEY
# Agregar endpoint
api endpoint weather current
--path:/weather
--params:q,units
# Listar APIs configuradas
api list
Llamar APIs
# Llamar endpoint
api call weather current --q:"Mexico City" --units:metric
# Llamada directa con URL
api get https://api.example.com/data
# POST con body
api post https://api.example.com/create --body:'{"name":"test"}'
Gestión
# Ver estadísticas
api stats weather
# Ver logs
api logs --last:10
# Probar conexión
api test weather
Ejemplo: Configurar API del Clima
# apis/weather.yaml
name: weather
base_url: https://api.openweathermap.org/data/2.5
auth:
type: query
param: appid
value: ${WEATHER_API_KEY}
endpoints:
current:
path: /weather
method: GET
params:
- q: string # ciudad
- units: metric|imperial
cache: 10m
forecast:
path: /forecast
method: GET
params:
- q: string
- cnt: number # días
Uso después de configurar
Usuario: clima en "Ciudad de México"
Bot: 🌤️ Clima actual en Ciudad de México:
🌡️ Temperatura: 22°C
💧 Humedad: 45%
💨 Viento: 12 km/h
🌅 Sensación térmica: 24°C
Tipos de Autenticación
| Tipo | Ejemplo |
|---|---|
| API Key (Header) | Authorization: Bearer xxx |
| API Key (Query) | ?api_key=xxx |
| Basic Auth | username:password |
| OAuth 2.0 | Token refresh automático |
| Custom | Headers personalizados |
Funcionalidades
Caching
endpoints:
data:
cache: 15m # Cache de 15 minutos
Rate Limiting
rate_limit:
requests: 100
period: 1h
Retry Automático
retry:
attempts: 3
backoff: exponential
APIs Pre-configuradas
| API | Configuración |
|---|---|
| OpenWeather | WEATHER_API_KEY |
| GitHub | GITHUB_TOKEN |
| Slack | SLACK_TOKEN |
| Notion | NOTION_API_KEY |
| Discord | DISCORD_TOKEN |
Integración
- proactive-triggers: Llamar APIs en automatizaciones
- daily-digest: Obtener datos de múltiples APIs
- multi-agent: Los agentes pueden usar APIs configuradas
安全使用建议
This skill appears to be a documentation-only API gateway configuration guide, which is fine in principle, but it references many API tokens and YAML config files without declaring how those secrets are supplied or protected. Before installing or enabling this skill: (1) ask the publisher where config files and credentials are stored and who can access them; (2) require explicit, minimal environment variables only for the APIs you actually use (avoid placing broad tokens in a shared env); (3) run it in a restricted/sandboxed agent context if agents will call external APIs autonomously; and (4) verify logging and 'api logs' behavior so sensitive responses or tokens are not written to an unprotected log. If the publisher cannot explain where credentials are kept and how they are scoped, treat the skill as higher risk.
功能分析
Type: OpenClaw Skill
Name: api-gateway-zito
Version: 1.0.0
The `SKILL.md` file describes an API gateway skill that grants the OpenClaw agent the ability to make arbitrary HTTP GET and POST requests to any URL with any body. Crucially, it also explicitly instructs the agent to access and use environment variables for authentication (e.g., `$WEATHER_API_KEY`, `GITHUB_TOKEN`). This combination of broad network access and environment variable access creates a significant prompt injection vulnerability, allowing an attacker to potentially exfiltrate sensitive environment variables or other data by instructing the agent to send them to an attacker-controlled endpoint. While these capabilities are plausible for an API gateway, their broad nature without clear safeguards makes the skill suspicious due to the high risk of abuse.
能力评估
Purpose & Capability
The name/description (universal API gateway with auth, rate limiting, caching) matches the instructions and examples. The SKILL.md shows appropriate features (endpoints, auth types, caching, rate limiting), so the claimed capability is generally coherent with the described functionality.
Instruction Scope
Instructions focus on configuring APIs via YAML and calling external endpoints (api add, api call, api get/post, logs, stats). They reference reading config files (e.g., apis/weather.yaml) and environment variable substitution (${WEATHER_API_KEY}). The instructions do not explicitly tell the agent to read unrelated system files, but they implicitly require access to user-provided config files and environment variables that are not declared in the skill metadata.
Install Mechanism
This is an instruction-only skill with no install spec and no code files; nothing is written to disk by the skill itself. That is the lowest-risk install mechanism.
Credentials
SKILL.md references multiple service credentials (WEATHER_API_KEY, GITHUB_TOKEN, SLACK_TOKEN, NOTION_API_KEY, DISCORD_TOKEN) and uses environment variable substitution in examples, but the skill's registry metadata declares no required env vars or primary credential. This mismatch is disproportionate and unclear: the skill implies it will need secret tokens for various third-party APIs but does not state how they will be provided, scoped, or stored.
Persistence & Privilege
The skill is not marked always:true, has no install step requesting persistent system changes, and does not request config paths or modify other skills. Autonomous invocation is allowed (default), which is normal, but this combined with the credential ambiguity increases risk.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install api-gateway-zito - 安装完成后,直接呼叫该 Skill 的名称或使用
/api-gateway-zito触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Universal API gateway—simple setup, powerful integration
- Conecta el bot a cualquier API REST/GraphQL con configuración mínima.
- Gestiona autenticación, cache, rate limiting y reintentos automáticos de forma centralizada.
- Incluye comandos para agregar, listar y llamar APIs fácilmente, además de gestión (logs, stats, tests).
- Soporta múltiples tipos de autenticación: header, query, Basic, OAuth 2.0, y personalizados.
- Ejemplo detallado de configuración y uso con una API de clima.
- Integración con otras skills (proactive-triggers, daily-digest, multi-agent) para automatización y uso avanzado.
元数据
常见问题
Api Gateway 是什么?
Gateway universal para APIs. Conecta cualquier API REST/GraphQL con configuración simple. Gestiona autenticación, rate limiting y caching. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 955 次。
如何安装 Api Gateway?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install api-gateway-zito」即可一键安装,无需额外配置。
Api Gateway 是免费的吗?
是的,Api Gateway 完全免费(开源免费),可自由下载、安装和使用。
Api Gateway 支持哪些平台?
Api Gateway 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Api Gateway?
由 Miguel Guerra(@miguelguerra200022-sudo)开发并维护,当前版本 v1.0.0。
推荐 Skills