← 返回 Skills 市场
690
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install apiosk-publish
功能描述
Publish and manage Apiosk gateway listings with signed wallet authentication, listing-group aware categorization, and update/delete operations.
使用说明 (SKILL.md)
apiosk-publish
Use this skill for API publishing and lifecycle management on https://gateway.apiosk.com.
When to use
- You need to register a new paid API on Apiosk.
- You need to update, list, or deactivate your published API.
- You need to map an API to the latest listing groups (
api,datasets,compute). - You need to send correctly signed wallet-auth headers for management endpoints.
Required tools and files
curljqcast(Foundry)- Wallet:
~/.apiosk/wallet.json(preferred, includesaddress+private_key)- or
APIOSK_PRIVATE_KEYenv var - or
--private-keyflag
Management endpoints
POST /v1/apis/registerGET /v1/apis/mine?wallet=0x...POST /v1/apis/:slugDELETE /v1/apis/:slug?wallet=0x...
Signed wallet auth
All management calls require:
x-wallet-addressx-wallet-signaturex-wallet-timestampx-wallet-nonce
Canonical message to sign:
Apiosk auth
action:\x3Caction>
wallet:\x3Clowercase_wallet>
resource:\x3Cresource>
timestamp:\x3Cunix_seconds>
nonce:\x3Cnonce>
Action/resource mapping:
- register:
action=register_api,resource=register:\x3Cslug> - update:
action=update_api,resource=update:\x3Cslug> - mine:
action=my_apis,resource=mine:\x3Cwallet> - delete:
action=delete_api,resource=delete:\x3Cslug>
Listing groups and categories
Discovery groups in gateway:
apidatasetscompute
Register payload currently uses category (not explicit listing_type).
Use this mapping:
api->datadatasets->datasetcompute->compute
Register payload
POST /v1/apis/register:
{
"name": "My API",
"slug": "my-api",
"endpoint_url": "https://example.com",
"price_usd": 0.01,
"description": "My paid API",
"owner_wallet": "0x...",
"category": "dataset"
}
Agent behavior requirements
- Always sign management requests; unsigned calls should be treated as invalid.
- Keep wallet value lowercased inside the signed message, even if header uses checksum case.
- If
Unauthorized, regenerate timestamp + nonce and re-sign once. - Validate HTTPS endpoint before register/update.
- Use listing-group mapping above so new listings appear in the right discovery surfaces.
安全使用建议
This skill appears to do what it says: sign and call Apiosk gateway endpoints. Before use, review and consider the following:
- Private-key handling: avoid putting long-term/large-value private keys in APIOSK_PRIVATE_KEY or passing them on the command line. CLI args can be visible to other local users via process listings; prefer a securely permissioned ~/.apiosk/wallet.json with restricted file permissions or a signing workflow that uses a hardware wallet.
- Verify the skill's origin: source/homepage are listed as unknown/none; the package metadata references a GitHub repo—if you plan to use it, fetch the repository from the official source and inspect it yourself rather than trusting a copy from an unknown origin.
- Missing setup script: README mentions a setup-wallet.sh but it isn't included. Verify how you will create ~/.apiosk/wallet.json and ensure that script (if used) is trustworthy.
- Run in a restricted environment: if you're unsure, run these scripts in an isolated machine/container and test with a wallet that holds minimal funds.
- Confirm 'cast' is the expected local Foundry binary and not a malicious replacement on PATH.
If you want higher assurance, request the canonical upstream repository or a signed release and/or have someone audit how private keys are loaded and invoked.
功能分析
Type: OpenClaw Skill
Name: apiosk-publish
Version: 1.1.0
The OpenClaw AgentSkills skill bundle is classified as benign. All scripts (`auth-utils.sh`, `delete-api.sh`, `my-apis.sh`, `register-api.sh`, `test-api.sh`, `update-api.sh`) consistently interact with `https://gateway.apiosk.com` as documented. Private keys are handled securely by being loaded locally and used with the `cast` utility for signing, without being transmitted over the network. Input validation and argument parsing are implemented, and `curl` commands correctly quote URLs, preventing shell injection vulnerabilities. The `SKILL.md` and `README.md` provide clear instructions for the agent and user, with no evidence of prompt injection attempts or hidden malicious directives. The `clawhub.json` and `SECURITY.md` accurately reflect the skill's benign nature and limited access permissions.
能力评估
Purpose & Capability
Name/description match the code and SKILL.md: all scripts call only https://gateway.apiosk.com and implement register/list/update/delete flows. Declared binaries (curl, jq, cast) and the wallet files are reasonable for the stated functionality. No unrelated services, credentials, or binaries are requested.
Instruction Scope
Runtime instructions and scripts stay within the publishing/management scope and only reference wallet files (~/.apiosk/*) and standard utilities. One minor mismatch: README references apiosk-skill/setup-wallet.sh creating ~/.apiosk/wallet.json, but that setup script is not included. Also, SKILL.md and scripts allow supplying the private key via APIOSK_PRIVATE_KEY or --private-key; the scripts then pass that key on the command-line to 'cast', which can expose it to local process listings.
Install Mechanism
No install spec; this is instruction-plus-shell-scripts only. Nothing is downloaded or written outside the repository except expected reads of ~/.apiosk/*. This is the lowest-risk install type.
Credentials
The skill reads wallet address/private_key from ~/.apiosk/wallet.json (or wallet.txt) and accepts APIOSK_PRIVATE_KEY and --private-key. Those are proportional to the task (signing management requests), but handling private keys is sensitive: passing a private key via environment variable or CLI arg may expose it to the environment or other local users/processes. The scripts do not transmit the raw private key to the remote gateway (they send only signatures), which is appropriate.
Persistence & Privilege
always is false and the skill does not modify system-wide configuration or other skills. It reads wallet files under ~/.apiosk/ and writes nothing outside the repo—no elevated persistence requested.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install apiosk-publish - 安装完成后,直接呼叫该 Skill 的名称或使用
/apiosk-publish触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
signed wallet auth for register/update/mine/delete and listing-group mapping updates
v1.0.0
v1.0.0: Self-service API publishing for Apiosk. Register your API, set pricing, earn 90-95% revenue. Auto-approval with health checks.
元数据
常见问题
Apiosk Publish 是什么?
Publish and manage Apiosk gateway listings with signed wallet authentication, listing-group aware categorization, and update/delete operations. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 690 次。
如何安装 Apiosk Publish?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install apiosk-publish」即可一键安装,无需额外配置。
Apiosk Publish 是免费的吗?
是的,Apiosk Publish 完全免费(开源免费),可自由下载、安装和使用。
Apiosk Publish 支持哪些平台?
Apiosk Publish 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Apiosk Publish?
由 obcraft(@obcraft)开发并维护,当前版本 v1.1.0。
推荐 Skills