← 返回 Skills 市场
REST API Tester
作者
LeonardoDpanda
· GitHub ↗
· v1.0.0
622
总下载
1
收藏
3
当前安装
1
版本数
在 OpenClaw 中安装
/install rest-api-tester
功能描述
Test REST APIs with customizable headers, authentication, and request bodies. Use when debugging API endpoints, testing authentication flows, validating resp...
安全使用建议
This skill is essentially a set of code examples for testing APIs — it's coherent and doesn't ask for secrets itself, but be careful when using it: do not paste real production credentials into examples you run; run tests and the Flask listener in an isolated or disposable environment; be cautious when exposing local services with ngrok (it can expose local resources to the public); pin and review any pip packages you install (use a virtualenv and consider specifying versions); and review any URLs the skill will contact to avoid sending sensitive data to unintended endpoints.
功能分析
Type: OpenClaw Skill
Name: rest-api-tester
Version: 1.0.0
The skill bundle is classified as suspicious due to its inherent capabilities for making arbitrary network requests and running a local web server, which, while legitimate for an API testing tool, present significant security risks. The `requests` library is used to perform GET/POST/PUT/DELETE/PATCH operations to any specified URL, potentially leading to Server-Side Request Forgery (SSRF) if the agent's input is not properly sanitized. Additionally, the `create_webhook_listener` function in `SKILL.md` uses Flask to create a local web server, which could expose a port on the agent's host, especially with the suggested `ngrok` usage. There is no evidence of intentional malicious behavior such as data exfiltration or backdoor installation, but the powerful network access capabilities make it a high-risk tool that could be abused.
能力评估
Purpose & Capability
Name and description match the SKILL.md contents: example code shows GET/POST/PUT/DELETE, auth headers, performance checks, webhook listener, and an API test suite. The declared requirements (none) are appropriate for an instruction-only recipe.
Instruction Scope
Instructions tell the agent/user how to perform network calls to arbitrary endpoints, create a local Flask webhook listener, and suggest using ngrok to expose it. This is expected for an API tester, but these actions can transmit or receive sensitive data depending on what URLs or credentials the user provides — the skill itself does not access extra system files or environment variables.
Install Mechanism
There is no install spec; the SKILL.md suggests installing Python packages via pip (requests, flask). That is proportional to the examples shown and is a common, low-risk suggestion for a code snippet.
Credentials
The skill declares no environment variables, credentials, or config paths. Example code accepts tokens/credentials as parameters (which is appropriate). There are no unexplained requests for secrets or unrelated service keys.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skills or agent settings. Autonomous invocation is allowed by platform default but not flagged here because it is not combined with other red flags.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install rest-api-tester - 安装完成后,直接呼叫该 Skill 的名称或使用
/rest-api-tester触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
REST API Tester 是什么?
Test REST APIs with customizable headers, authentication, and request bodies. Use when debugging API endpoints, testing authentication flows, validating resp... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 622 次。
如何安装 REST API Tester?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install rest-api-tester」即可一键安装,无需额外配置。
REST API Tester 是免费的吗?
是的,REST API Tester 完全免费(开源免费),可自由下载、安装和使用。
REST API Tester 支持哪些平台?
REST API Tester 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 REST API Tester?
由 LeonardoDpanda(@leonardodpanda)开发并维护,当前版本 v1.0.0。
推荐 Skills