← 返回 Skills 市场

Business API Recorder

Name: Business API Recorder
Author: sihan2017

作者 sihan2017 · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

291

总下载

当前安装

版本数

在 OpenClaw 中安装

/install business-api-recorder

功能描述

通过Chrome扩展记录目标系统业务流程的完整API调用，生成详细接口文档和实现方案辅助AI重构。

使用说明 (SKILL.md)

Business API Recorder

通过Chrome扩展控制浏览器，打开目标系统网址，分析业务场景并完整记录API调用，为AI重构生成完整实现文档。

作者: 周坚
邮箱: [email protected]
版本: 1.0.0
许可证: MIT

适用场景

分析内部办公系统的业务流程
记录业务表单的完整API调用链
为AI重构业务功能获取真实接口数据
生成API接口文档和数据字典
探索系统的安全边界和运行机制

效果预览

完成一次业务分析后，将输出：

API调用日志 - 完整的请求/响应记录（JSON格式）
完整实现文档 - 按模板生成，包含：
- 业务流程（主流程 + 分支场景）
- API接口清单（请求/响应参数）
- 数据字典（枚举值、树形结构）
- 业务规则（验证约束）
- 前端实现要点
- 错误处理
- 参考示例
- 抓包日志样本

这些文档可以直接用于AI重构该业务功能。

安全使用建议

This skill appears to do exactly what it says: inject a monitoring script into Chrome to capture fetch/XHR and produce API logs and documentation. Before installing or running it, consider the following: 1) Legal/ethical: only run against systems you own or where you have explicit permission—the README even suggests 'explore security boundaries', which could be intrusive. 2) Sensitive data: the script records request/response bodies and headers (including Authorization tokens, cookies, form data, PII). Treat generated logs as highly sensitive, avoid sharing them, and redact tokens/passwords before storing or sending them elsewhere. 3) Trust: the source/homepage is not authoritative; you can inspect the included network-monitor.js (it is readable and does not perform external network exfiltration), but if you plan to use it in production, verify the code and consider adding automatic redaction of Authorization/cookie headers. 4) Operational: the workflow requires enabling a browser extension and OpenClaw gateway/token—ensure those tokens are managed securely. If any of the above is a concern, do not run this skill until you obtain explicit authorization, review and modify the script to redact sensitive fields, or run it in an isolated/test environment.

功能分析

Type: OpenClaw Skill Name: business-api-recorder Version: 1.0.0 The skill bundle implements a browser-based network interceptor in `scripts/network-monitor.js` that hooks global `fetch` and `XMLHttpRequest` objects to capture all network traffic, including request headers (which often contain authentication tokens) and full response bodies. While this behavior is aligned with the stated purpose of 'Business API Recording' and documentation generation in `SKILL.md`, the broad interception of sensitive data from 'internal systems' represents a high-risk capability. The tool includes a helper script `scripts/get-monitor.sh` to facilitate the injection of the monitoring code, and although it logs actions to the console, the potential for capturing and storing sensitive credentials or PII makes it a significant security risk if used on untrusted or sensitive platforms.

能力评估

✓ Purpose & Capability

Name/description, README, SKILL.md, and the included scripts all implement a Chrome-injected network monitor that intercepts fetch and XHR and exports logs. Declared OpenClaw capabilities (browser, write, exec) align with the described workflow. Dependencies and files are proportionate to the task.

ℹ Instruction Scope

Instructions explicitly direct the agent to control a browser, inject the provided network-monitor.js, run business flows, and export window.__OPENCLAW_NETWORK_LOG__. This stays within the stated purpose, but SKILL.md also mentions 'explore system security boundaries' which implies active probing—this increases ethical/legal risk and should only be done with authorization. The monitoring script records headers and bodies (including Authorization tokens or PII) which is expected for API recording but sensitive.

✓ Install Mechanism

No install spec; the skill is instruction + local scripts bundled with the package. The included get-monitor.sh simply outputs the monitoring script for injection. There are no external download URLs or archive extraction steps.

ℹ Credentials

The skill requests no environment variables or external secrets. It will, however, capture HTTP headers and request/response bodies from the browser context (which can include auth tokens, cookies, passwords, or personal data). Capturing that data is functionally necessary for full API recording but is high-sensitivity — the bundle does not anonymize or redact logs.

✓ Persistence & Privilege

always is false and the skill does not request permanent agent-level privileges or modify other skills/system configs. It relies on browser control capabilities; autonomous invocation is allowed by default but not exceptional here.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install business-api-recorder
安装完成后，直接呼叫该 Skill 的名称或使用 /business-api-recorder 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of Business API Recorder. - Controls Chrome to analyze business scenarios and fully record API calls. - Outputs detailed API call logs in JSON format. - Generates comprehensive implementation documents, including process flows, API lists, data dictionaries, business rules, and sample logs. - Facilitates real interface data extraction for AI-driven business function reconstruction. - Supports business process analysis, interface documentation, and system security exploration.

元数据

Slug business-api-recorder

版本 1.0.0

许可证 MIT-0

累计安装 2

当前安装数 2

历史版本数 1

常见问题