← 返回 Skills 市场
sunshine-del-ux

Secure Api Starter

作者 Sunshine-del-ux · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
294
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install secure-api-starter
功能描述
Provides a production-ready API template with JWT, API key, OAuth2 authentication, role-based access control, rate limiting, input validation, logging, and e...
安全使用建议
Do not run any shell scripts referenced by this SKILL.md unless you can inspect them first. The skill promises many features but includes no code, no repo link, and no credential guidance (OAuth requires client IDs/secrets). Before installing or using: (1) ask the publisher for the source repository or a packaged archive; (2) review any create-api.sh and other scripts for arbitrary commands; (3) verify how secrets (JWT keys, OAuth client secrets) are handled — they should never be requested by an unrelated agent; (4) prefer skills that include source or link to a trusted release (e.g., GitHub repo or npm package) and provide explicit install steps. Because of the missing files and vague instructions, treat this skill as incomplete/untrusted until you can review its code.
功能分析
Type: OpenClaw Skill Name: secure-api-starter Version: 1.0.0 The skill bundle contains only metadata and documentation for a secure API starter template. No executable code or scripts (such as the referenced 'create-api.sh') are included in the provided files, and the instructions in SKILL.md lack any evidence of prompt injection, malicious intent, or data exfiltration.
能力评估
Purpose & Capability
The skill claims a production-ready API with JWT, API keys, OAuth2, RBAC, rate limiting, etc., but there are no code files, no repository/homepage, and no install spec. The SKILL.md expects ./create-api.sh and Node.js/TypeScript to be present, yet those scripts and project contents are not included — this is inconsistent with the stated purpose.
Instruction Scope
Instructions tell the agent (or user) to run ./create-api.sh with various flags. Because the script is not bundled or linked, the instructions are vague and leave room for arbitrary shell execution if a similarly named script exists locally. The SKILL.md also references OAuth2 providers (Google, GitHub) which normally require client IDs/secrets, but no guidance is given for obtaining or supplying those credentials.
Install Mechanism
There is no install specification (instruction-only), which minimizes automatic disk writes. That said, an instruction-only skill that tells the user or agent to run a local shell script without providing it is suspicious: it either expects local assets that don't exist or assumes the agent will create/obtain them — both are risky in practice.
Credentials
The skill declares no required environment variables or credentials, yet its stated features (OAuth2, API keys, JWT secrets) normally require secrets/config. The absence of any declared env vars or guidance for credential handling is disproportionate to the claimed functionality and suggests missing or incomplete implementation details.
Persistence & Privilege
The skill does not request persistent privileges (always: false) and does not declare any system-level config paths. It does allow normal autonomous invocation (default), which is expected; this alone is not flagged.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install secure-api-starter
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /secure-api-starter 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of Secure API Starter. - Production-ready template for secure API development - Supports JWT, API keys, OAuth2, and session-based authentication - Includes role-based access control and per-user/IP rate limiting - Features input/schema validation, comprehensive logging, and structured error handling - Quick-start scripts and clear Node.js 18+ & TypeScript requirements
元数据
Slug secure-api-starter
版本 1.0.0
许可证
累计安装 1
当前安装数 1
历史版本数 1
常见问题

Secure Api Starter 是什么?

Provides a production-ready API template with JWT, API key, OAuth2 authentication, role-based access control, rate limiting, input validation, logging, and e... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 294 次。

如何安装 Secure Api Starter?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install secure-api-starter」即可一键安装,无需额外配置。

Secure Api Starter 是免费的吗?

是的,Secure Api Starter 完全免费(开源免费),可自由下载、安装和使用。

Secure Api Starter 支持哪些平台?

Secure Api Starter 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Secure Api Starter?

由 Sunshine-del-ux(@sunshine-del-ux)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论