← 返回 Skills 市场

API Integration for RedHat MCP

Name: API Integration for RedHat MCP
Author: mzfshark

作者 Mauricio Z. · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install api-integration-redhat

功能描述

Integrate third-party APIs with auth, retries, timeouts, and logging.

使用说明 (SKILL.md)

SKILL: api-integration

Purpose

Integrate external APIs safely (auth, retries, timeouts, error handling, logging) and expose them via a clean internal interface.

When to Use

A system must call a third-party REST/WebSocket API.
You need a reusable client module with predictable behavior.
You must handle rate limits and transient failures.

Inputs

api_spec (required, object|string): base URL, endpoints, schemas, rate limits.
auth_method (optional, enum: none|api_key|oauth|jwt|hmac).
secrets_source (optional, string): where tokens/keys come from (env/secret manager).
error_policy (optional, string): retry/backoff rules and non-retryable errors.

Steps

Validate API contract and identify required headers/auth.
Implement a client module:
- explicit base URL
- request timeouts
- retry with bounded backoff (only for safe/idempotent calls by default)
- rate limit handling
Normalize errors into a stable internal shape.
Add logging hooks (request id, endpoint, status, latency; never log secrets).
Add tests:
- mocked responses for determinism
- at least one failure-path test

Validation

Secrets are sourced only from configuration (not hardcoded).
Retry policy is explicit and bounded.
Errors are deterministic and observable.

Output

Client module path(s)
Config/env contract
Usage example (internal call pattern)

Safety Rules

Do not paste tokens/keys into code or logs.
Do not rely on â€œbest effortâ€ network calls without timeouts.
Avoid curl | sh or ad-hoc install scripts as part of integration.

Example

Integrate â€œVendorAPIâ€:

api_spec: { base_url: "...", endpoints: ["/v1/items"] }
Output: src/integrations/vendor/client.ts with retries and mocked tests.

安全使用建议

This skill appears to be a sensible template for implementing API clients, but verify provenance before trusting it: the SKILL claims 'RedHat Dev' while registry metadata/owner IDs and source/homepage are missing or inconsistent. Do not provide production secrets to the agent just because the skill mentions a 'secrets_source' — instead: (1) confirm the skill's author/ownership (ask the publisher or review a trusted homepage/repo), (2) run any generated code in a sandbox and review it for unexpected network calls or 'curl | sh' patterns, (3) bind secrets to a vetted secret manager with audit logs and minimal scope, (4) require explicit declarations for which secret store/bindings to use, and (5) if you plan to let an agent generate code from this guidance, review packages/URLs it installs (avoid downloads from unknown hosts). If you cannot verify the provenance, do not run it with sensitive credentials.

功能分析

Type: OpenClaw Skill Name: api-integration-redhat Version: 1.0.0 The skill bundle provides a standard framework for integrating third-party APIs using software engineering best practices such as retries, timeouts, and error handling. It includes explicit safety rules in SKILL.md and api-integration.md that prohibit hardcoding secrets, logging sensitive data, and using dangerous execution patterns like 'curl | sh'. No malicious indicators, exfiltration attempts, or suspicious instructions were identified.

能力标签

requires-oauth-tokenrequires-sensitive-credentials

能力评估

ℹ Purpose & Capability

The name, description, and runtime instructions are coherent: this is an instruction-only template for building resilient API clients (timeouts, retries, logging, tests). There are no unexpected required binaries, env vars, or config paths. However the package claims RedHat authorship in SKILL.md/_meta.json while registry metadata shows a different owner ID and the source/homepage are 'unknown'/'none' — a provenance inconsistency worth verifying.

✓ Instruction Scope

SKILL.md limits operations to design/implementation guidance (validate API contract, implement client, normalize errors, add tests) and explicitly warns not to log secrets or run curl|sh. It does not instruct reading arbitrary system files or exfiltrating data. The 'secrets_source' input is intentionally generic — the skill does not itself access secrets but leaves choice of secret store to the implementer, which is acceptable but should be specified before use.

✓ Install Mechanism

This is instruction-only with no install spec and no code files to run. That minimizes code-installation risk (nothing is downloaded or written by the skill itself).

ℹ Credentials

No required environment variables or credentials are declared, which aligns with the skill being a template. The optional 'secrets_source' parameter could, in real usage, cause the implementer/agent to access environment variables or a secret manager — that's expected for an integration client but must be constrained and audited by the user (the skill does not define which secret store or credentials to use).

✓ Persistence & Privilege

always: false (default) and the skill does not request persistent/system-wide changes. disable-model-invocation is false (normal) which allows autonomous invocation — not a problem here because the skill is instruction-only and does not hold broad credentials. There is no indication it modifies other skills or system settings.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install api-integration-redhat
安装完成后，直接呼叫该 Skill 的名称或使用 /api-integration-redhat 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Major update: The skill moves from broad API documentation to focused API integration guidance. - All previous category-based API documentation files and reference guides have been removed. - New concise skill describes integrating external APIs with attention to authentication, retries, error handling, and logging. - Introduces structured inputs (api_spec, auth_method, secrets_source, error_policy) and step-by-step implementation guidance. - Emphasizes reusable client modules, proper error normalization, strong validation, and secure handling of secrets. - Provides a clear example and safety rules for implementing API integrations.

元数据

Slug api-integration-redhat

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题