← 返回 Skills 市场
api-test
作者
2367961075
· GitHub ↗
· v1.0.3
· MIT-0
341
总下载
0
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install api-test
功能描述
API接口文档助手。用于编写REST API文档、定义接口规范、生成接口说明。当需要编写API文档、接口规范时触发。
使用说明 (SKILL.md)
\r \r
API接口文档\r
\r 版本:V1.0\r 更新日期:YYYY-MM-DD\r 维护人:XXX\r \r ---\r \r
接口概览\r
\r | 模块 | 接口数 | 负责人 |\r |------|--------|--------|\r | 用户模块 | 5 | @xxx |\r | 订单模块 | 8 | @xxx |\r | 支付模块 | 4 | @xxx |\r \r ---\r \r
通用说明\r
\r
认证方式
安全使用建议
This skill's description promises an API documentation assistant, but the bundled Skill.py is a generic HTTP client able to call arbitrary URLs and send JSON. Before installing: 1) Ask the author why the skill needs to perform arbitrary HTTP requests and to document that behavior in SKILL.md. 2) Request that network behavior and required dependencies (requests) be declared. 3) If network calls are necessary (e.g., to fetch live examples), limit them to well-known endpoints and add allow-listing; otherwise remove or disable network capability. 4) If you proceed, run the skill in a sandboxed environment, disable autonomous invocation where possible, and review or audit the code to ensure it won't send sensitive data to external servers. If you cannot verify the intent and code, treat the skill as untrusted and do not install it in environments with sensitive data.
功能分析
Type: OpenClaw Skill
Name: api-test
Version: 1.0.3
The skill bundle provides a generic HTTP client in 'Skill.py' that allows the agent to perform arbitrary GET and POST requests to any user-provided URL. This implementation lacks any domain whitelisting or input sanitization, creating a high risk for Server-Side Request Forgery (SSRF) attacks against internal or external resources. While the 'SKILL.md' describes the tool as an API documentation assistant, the underlying code is a broad network utility without safety constraints.
能力评估
Purpose & Capability
The SKILL.md describes an API documentation assistant. The included Python file (Skill.py), however, implements a generic HTTP client that can call arbitrary URLs with GET/POST and send JSON payloads. Making arbitrary external requests is not necessary for producing static API docs and is not mentioned in the skill description or SKILL.md.
Instruction Scope
Runtime instructions (SKILL.md) only describe documenting APIs and do not instruct the agent to call external endpoints. The actual code will perform network calls when invoked. This is a scope mismatch: the instructions do not disclose the network I/O behavior present in the code.
Install Mechanism
There is no install spec (instruction-only plus a code file). The code imports the 'requests' library but the skill does not declare this dependency. Lack of declared dependencies may cause runtime failures or hide additional requirements, but there is no installer or external download URL—so installation risk is low.
Credentials
No environment variables or credentials are declared, yet the skill can perform arbitrary outbound HTTP requests and send data in requests. That capability could be used to exfiltrate data if the agent passes sensitive content to the skill. The network-capable behavior is not justified by the declared purpose.
Persistence & Privilege
always is false (default) and the skill may be invoked autonomously (platform default). Autonomous invocation combined with undeclared network-capable code raises the blast radius, but autonomy alone is not unusual. Consider restricting autonomous runs or requiring explicit user invocation until the code is verified.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install api-test - 安装完成后,直接呼叫该 Skill 的名称或使用
/api-test触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
No code or content changes detected in this version.
- Version updated to 1.0.3 with no functional or documentation modifications.
- No impact on usage or behavior.
v1.0.2
- No changes detected in this version.
v1.0.1
- Version updated to 1.0.1 with no file changes detected.
- No new features, fixes, or documentation updates were introduced in this release.
v1.0.0
- Initial release of the API 数据获取 (API Data Fetch) skill.
- Supports HTTP/HTTPS requests to third-party APIs with GET and POST methods.
- Automatically parses JSON responses and returns standardized results.
- Allows configuration of URL, method, headers, query parameters, POST data, and timeout.
- Facilitates use cases such as data retrieval, API testing, and external data integration.
元数据
常见问题
api-test 是什么?
API接口文档助手。用于编写REST API文档、定义接口规范、生成接口说明。当需要编写API文档、接口规范时触发。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 341 次。
如何安装 api-test?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install api-test」即可一键安装,无需额外配置。
api-test 是免费的吗?
是的,api-test 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
api-test 支持哪些平台?
api-test 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 api-test?
由 2367961075(@2367961075)开发并维护,当前版本 v1.0.3。
推荐 Skills