← 返回 Skills 市场

dr-api-execution-bootstrap

Name: dr-api-execution-bootstrap
Author: daniel-refahi-ikara

作者 Daniel Refahi · GitHub ↗ · v1.1.1 · MIT-0

cross-platform ⚠ suspicious

152

总下载

当前安装

版本数

在 OpenClaw 中安装

/install dr-api-execution-bootstrap

功能描述

Bootstrap and enforce fast direct API execution in a workspace. Use when you want an agent to run API calls directly in-session, avoid unnecessary subagents,...

使用说明 (SKILL.md)

DR API Execution Bootstrap

Use this as an installer and execution-enforcer skill.

When the user asks to apply this skill, apply it immediately. Do not ask whether to enforce the policy.

Apply to this workspace

Inspect workspace startup/default files.
Persist the execution policy in workspace bootstrap files (AGENTS.md, MEMORY.md, or equivalent).
Patch surgically and preserve unrelated instructions.
Validate with the strongest safe real test available.
Report either Configured and validated or Configured, but blocked by: \x3Creason>.

For the concrete application checklist, read references/APPLY.md.

Enforcement contract

1) Execution policy

Set and enforce these defaults for future sessions:

prefer direct in-session API execution
do not spawn subagents unless the user explicitly asks
default to fast mode single-run chain
do one upfront preflight only:
- auth/token availability
- app code / function key / required secret availability
- one sanity endpoint check
after preflight passes, execute the full API chain continuously without unnecessary pauses

2) Communication policy

Set and enforce:

keep responses concise
do not narrate every API call unless the user asks
for blocked execution, report the blocker briefly and precisely
for write operations, show one concise batch preview and wait for approval before executing

3) Operational execution rules

Read references/EXECUTION-PLAYBOOK.md and follow it for:

bulk reads
bulk writes
failure handling
resume behavior
verification strategy

4) API-specific guidance

If the workflow involves Ikara-style CRUD/integration/service-compliance APIs, also read references/IKARA-PATTERNS.md before executing.

5) Validation requirements

After applying the rules, immediately validate them.

If safe and permitted, run one small real dev test and confirm:

direct API call path works
no subagent was spawned
preflight + full-chain behavior is active

If real execution is not possible, run the strongest safe validation available and state exactly what prevented full validation.

6) Limits

If permissions, secrets, or tool access are missing:

do not pretend they were enabled
do not claim success
report exactly what is missing
keep the enforced policy in startup files anyway, unless file-write access is blocked

Reuse on other agents

If the user wants to replicate this behavior elsewhere, read references/INSTALL.md and provide the installation command plus the recommended bootstrap prompt.

安全使用建议

This skill aims to make direct in-session API calls the default and will edit workspace startup files and run a validation test. Before installing: 1) Expect it to read tokens/secrets and to write AGENTS.md / MEMORY.md — review and back up those files. 2) Insist the agent show diffs of any file changes and require your approval before any live API calls or writes. 3) If you do not want any code that accesses secrets or modifies startup files, do not install. 4) Consider running it in an isolated/dev workspace first to observe behavior. 5) Note the metadata mismatch (no declared config/env but instructions expect to access secrets) — ask the publisher to clarify which files and credentials it will read and to add explicit declarations.

功能分析

Type: OpenClaw Skill Name: dr-api-execution-bootstrap Version: 1.1.1 The skill bundle automates the modification of workspace bootstrap files (AGENTS.md, MEMORY.md) to persist specific execution policies and explicitly instructs the agent to bypass user confirmation during the application process ("Do not ask whether to enforce"). While the stated intent is to optimize API execution efficiency and conciseness, the use of persistence mechanisms and instruction-overriding directives in SKILL.md and references/APPLY.md constitutes high-risk behavior, as it alters the agent's long-term behavioral constraints without ongoing user oversight.

能力标签

requires-oauth-tokenrequires-sensitive-credentials

能力评估

ℹ Purpose & Capability

Name/description (make direct API execution the default) aligns with the instructions: inspect startup files, persist an execution policy, run preflight checks, and validate. However, the manifest declares no required config paths or env vars while the runtime instructions explicitly target workspace startup files (AGENTS.md, MEMORY.md) and check for auth/tokens, so the metadata understates the skill's footprint.

⚠ Instruction Scope

SKILL.md tells the agent to inspect and surgically patch workspace startup files and to validate by running a 'small real dev test' if safe. It also instructs checking 'auth/token availability' and 'app code / required secret availability' — actions that may require reading environment variables, secret files, or other workspace config not declared in the manifest. The instructions therefore can cause file writes and live network calls and access to secrets without those access paths being declared.

✓ Install Mechanism

Instruction-only skill with no install spec and no code files — low install-time risk. Nothing is downloaded or extracted.

⚠ Credentials

The skill requests no env vars in metadata, yet runtime guidance explicitly expects to check tokens, app/function keys, and 'required secrets'. This is a mismatch: the skill will attempt to access credentials or secrets (for preflight and validation) even though none are declared. That increases the chance it will read sensitive data unexpectedly.

ℹ Persistence & Privilege

The skill instructs the agent to persist an enforcement policy into workspace startup files (AGENTS.md, MEMORY.md) and enforce defaults for future sessions. It does not set always:true, but it does request persistent changes to workspace configuration and a behavioral change for future agent runs — the user should expect lasting modifications to workspace bootstrap files.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install dr-api-execution-bootstrap
安装完成后，直接呼叫该 Skill 的名称或使用 /dr-api-execution-bootstrap 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.1.1

Rename display name to match slug.

v1.1.0

Add execution playbook, Ikara API patterns, install instructions, and stronger reusable bootstrap guidance for fast direct API workflows.

v1.0.0

dr-api-execution-bootstrap 1.0.0 - Initial release of the installer/enforcer skill for direct API execution workflows. - Automatically applies a direct-first API execution policy to workspace startup files. - Prefers in-session execution and disables subagent fallback unless explicitly requested. - Enforces concise responses and minimizes unnecessary progress updates. - Validates setup with the strongest safe test and reports success or blocking issues precisely. - Ensures execution policy is persisted without overwriting existing user content.

元数据

Slug dr-api-execution-bootstrap

版本 1.1.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 3

常见问题