rapidapi

Template-driven RapidAPI client with auto-registered actions and a universal call entrypoint

This skill appears to implement a legitimate RapidAPI client and only needs your RAPIDAPI_KEY — that is expected. The main risk is that, by default, it allows calls to non-RapidAPI hosts and will include your RAPIDAPI_KEY header on those requests. Before installing or enabling this skill: 1) Audit the templates in templates/*.json to ensure they only target trusted RapidAPI endpoints (or domains you intend to send the key to). 2) Set ALLOW_NON_RAPIDAPI_HOSTS=false (or set allowNonRapidApiHosts=false in config) to block non-RapidAPI hosts unless you explicitly need them. 3) Limit who can call callRapidApi (ad-hoc direct calls) in your environment, since that entrypoint can be used to send the key to arbitrary hosts. 4) Provide the RAPIDAPI_KEY with least privilege and be prepared to rotate it if you suspect it was exposed. If you need higher assurance, request changes so the default is restrictive (deny non-RapidAPI hosts) and document precisely which hosts are allowed.

Type: OpenClaw Skill Name: rapidapi Version: 0.1.0 The skill functions as a universal RapidAPI client but contains risky credential-handling logic. Specifically, lib/engine.js is designed to attach the 'X-RapidAPI-Key' to requests, and while it includes a host-validation check, the 'allowNonRapidApiHosts' setting (which defaults to true in index.js and config.example.json) allows the sensitive API key to be sent to any arbitrary host provided in the input. While no clear evidence of intentional malice or hardcoded exfiltration endpoints was found, the capability to direct credentials to non-RapidAPI infrastructure via user-controlled or agent-controlled input poses a high risk of accidental or forced credential leakage.