← 返回 Skills 市场
Lap Altoroj Rest Api
作者
mickmicksh
· GitHub ↗
· v1.0.0
· MIT-0
50
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install lap-altoroj-rest-api
功能描述
AltoroJ REST API skill. Use when working with AltoroJ REST for login, account, transfer. Covers 12 endpoints.
使用说明 (SKILL.md)
AltoroJ REST API
API version: 1.0.2
Auth
ApiKey Authorization in header
Base URL
Not specified.
Setup
- Set your API key in the appropriate header
- GET /login -- verify access
- POST /login -- create first login
Endpoints
12 endpoints across 6 groups. See references/api-spec.lap for full details.
login
| Method | Path | Description |
|---|---|---|
| GET | /login | Check if any user is logged in |
| POST | /login | Login method |
account
| Method | Path | Description |
|---|---|---|
| GET | /account | Returns a list of all the accounts owned by the user |
| GET | /account/{accountNo} | Returns details about a specific account |
| GET | /account/{accountNo}/transactions | Returns the last 10 transactions attached to an account |
| POST | /account/{accountNo}/transactions | Return transactions between 2 specific dates |
transfer
| Method | Path | Description |
|---|---|---|
| POST | /transfer | Transfer money between two accounts |
feedback
| Method | Path | Description |
|---|---|---|
| POST | /feedback/submit | Submit feedback for the bank |
| GET | /feedback/{feedbackId} | Retrieve feedback |
admin
| Method | Path | Description |
|---|---|---|
| POST | /admin/addUser | Add new user |
| POST | /admin/changePassword | Change user password |
logout
| Method | Path | Description |
|---|---|---|
| GET | /logout | Logout from the bank |
Common Questions
Match user requests to endpoints in references/api-spec.lap. Key patterns:
- "List all login?" -> GET /login
- "Create a login?" -> POST /login
- "List all account?" -> GET /account
- "Get account details?" -> GET /account/{accountNo}
- "List all transactions?" -> GET /account/{accountNo}/transactions
- "Create a transaction?" -> POST /account/{accountNo}/transactions
- "Create a transfer?" -> POST /transfer
- "Create a submit?" -> POST /feedback/submit
- "Get feedback details?" -> GET /feedback/{feedbackId}
- "Create a addUser?" -> POST /admin/addUser
- "Create a changePassword?" -> POST /admin/changePassword
- "List all logout?" -> GET /logout
- "How to authenticate?" -> See Auth section
Response Tips
- Check response schemas in references/api-spec.lap for field details
- Create/update endpoints typically return the created/updated object
CLI
# Update this spec to the latest version
npx @lap-platform/lapsh get altoroj-rest-api -o references/api-spec.lap
# Search for related APIs
npx @lap-platform/lapsh search altoroj-rest-api
References
- Full spec: See references/api-spec.lap for complete endpoint details, parameter tables, and response schemas
Generated from the official API spec by LAP
安全使用建议
This skill appears to describe a legitimate AltoroJ REST API and only asks for one API key, but there are notable gaps and small risks you should address before installing or running it:
- Missing base URL and missing API spec: ask the publisher or vendor for the exact base URL and the full API spec (references/api-spec.lap). Without those, the agent cannot safely form requests.
- Unknown provenance: there is no homepage or source repository. Prefer skills published by a known/verified source for anything that touches banking APIs.
- npx / remote code execution: the SKILL.md suggests using 'npx @lap-platform/lapsh' to fetch the spec. Running npx will execute remote code from npm; only run this after inspecting the package (review its code and maintainers) or obtain the spec from a trusted local copy.
- Protect the API key: only provide ALTOROJ_REST_API_KEY if you trust the skill and the runtime environment. Ensure the key has minimal permissions and can be revoked/rotated.
If the publisher can provide the base URL and embed the API spec in the skill bundle (or point to a verified, reviewable source), and if you confirm the npm package referenced is trustworthy, the remaining concerns would be reduced.
功能分析
Type: OpenClaw Skill
Name: lap-altoroj-rest-api
Version: 1.0.0
The skill bundle is a standard API wrapper for AltoroJ, a well-known intentionally vulnerable web application used for security training. The SKILL.md file defines legitimate banking endpoints (login, account, transfer) and provides instructions for an AI agent to map user requests to these endpoints. While it includes 'npx' commands for updating the API specification via the '@lap-platform/lapsh' package, there is no evidence of malicious intent, data exfiltration, or harmful prompt injection.
能力标签
能力评估
Purpose & Capability
Name/description (AltoroJ REST for login/account/transfer) align with requiring an API key (ALTOROJ_REST_API_KEY). However the SKILL.md does not include a base URL or the referenced API spec (references/api-spec.lap) inside the skill bundle, which prevents the agent from calling endpoints directly. Lack of homepage/source provenance is also a gap for a banking-related skill.
Instruction Scope
Runtime instructions are narrowly focused on calling the listed endpoints and setting the API key header, which is expected. But the doc explicitly tells the user/agent to run npx @lap-platform/lapsh to fetch the API spec; that instructs execution of remote code and implicitly trusts an external npm package. The skill does not include the spec it references, so the agent is guided to pull code from the network to get necessary details.
Install Mechanism
No install spec is present (instruction-only), which is low-risk in itself. However the included CLI examples advise running npx to fetch the API spec; npx executes a package from the npm registry (or remote) and can run arbitrary code. The skill does not supply or pin a specific trusted source/URL for the spec, increasing risk if the agent follows that advice.
Credentials
Only one environment variable (ALTOROJ_REST_API_KEY) is required, which is proportionate for an API client. Still, this is a sensitive credential (bank API key) and should be scoped and protected; the package provides no guidance about key scope, rotation, or least privilege.
Persistence & Privilege
The skill does not request always:true, does not include install hooks, and is instruction-only. It does not request persistent system-wide privileges. Autonomous invocation is allowed by platform default but not exceptional here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install lap-altoroj-rest-api - 安装完成后,直接呼叫该 Skill 的名称或使用
/lap-altoroj-rest-api触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of lap-altoroj-rest-api skill.
- Provides access to 12 AltoroJ REST API endpoints across login, account, transfer, feedback, admin, and logout.
- Supports API key authentication via header.
- Includes setup instructions and endpoint usage patterns.
- Reference to detailed API specification in references/api-spec.lap.
- Requires ALTOROJ_REST_API_KEY environment variable.
元数据
常见问题
Lap Altoroj Rest Api 是什么?
AltoroJ REST API skill. Use when working with AltoroJ REST for login, account, transfer. Covers 12 endpoints. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 50 次。
如何安装 Lap Altoroj Rest Api?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install lap-altoroj-rest-api」即可一键安装,无需额外配置。
Lap Altoroj Rest Api 是免费的吗?
是的,Lap Altoroj Rest Api 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Lap Altoroj Rest Api 支持哪些平台?
Lap Altoroj Rest Api 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Lap Altoroj Rest Api?
由 mickmicksh(@mickmicksh)开发并维护,当前版本 v1.0.0。
推荐 Skills