← 返回 Skills 市场
Slingdata.io API Spec
作者
Fritz Larco
· GitHub ↗
· v1.0.0
431
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install sling-api-specs
功能描述
Build REST API specifications for Sling data extraction. Use when creating API specs, configuring authentication (OAuth, API key, Bearer token, HMAC), settin...
安全使用建议
This bundle is documentation and examples for authoring Sling-style REST API extraction YAML specs — it contains no executables. It does, however, show how specs can consume secrets (secrets.*) and environment variables and how processors can write env.* and persisted sync state. Before using or running any spec created from these docs: (1) inspect specs for any endpoints or external URLs you don't trust, (2) avoid embedding real credentials directly in spec files, (3) only provide the minimal credentials required for a given source (don't reuse high-privilege AWS keys), and (4) treat specs from untrusted authors like code — they can cause the runtime to contact arbitrary external APIs and leak data if misconfigured. If you plan to allow an agent to invoke specs autonomously, restrict which specs it can run and which credentials it may access.
功能分析
Type: OpenClaw Skill
Name: sling-api-specs
Version: 1.0.0
The skill bundle is documentation for defining API specifications, which is a benign purpose. However, it describes a system with several high-risk capabilities that, if exposed to untrusted input, could lead to significant vulnerabilities. Specifically, the `SKILL.md` mentions parsing local files via `file_path`, `ENDPOINTS.md` shows the ability to execute database queries via `hooks` with `type: query`, and `PROCESSORS.md` indicates the ability to set environment variables via `output: "env.VAR"`. While these are presented as legitimate features for data integration, they represent potential Local File Inclusion, SQL Injection, and environment variable manipulation vulnerabilities if the OpenClaw agent's execution environment does not strictly sanitize inputs or restrict these powerful actions. There is no evidence of intentional malicious behavior within the skill bundle itself, but the documented capabilities are sufficiently risky to warrant a 'suspicious' classification.
能力评估
Purpose & Capability
Name/description claim to build API specs; the files and examples are entirely about authentication types, pagination, response processing, queues, incremental sync, and dynamic endpoints — all coherent with an API-spec builder. The skill does not request unrelated binaries or credentials in its registry metadata.
Instruction Scope
SKILL.md and the included docs instruct how to author specs and show example runtime actions (parse/test). The docs reference secrets.* and env.* placeholders and include examples that set environment variables (e.g., env.LAST_UPDATE, OVERRIDE_START_DATE). That behavior is expected for a spec authoring tool, but you should understand that specs created from this guidance can read and require credential values and may write to environment/state at runtime — review any spec before executing it.
Install Mechanism
No install spec and no code files to execute — this is instruction-only. No remote downloads or package installs are present in the bundle.
Credentials
The documentation documents many auth types (OAuth2, AWS sigv4, HMAC, API keys, basic, device flow) and uses placeholders like {secrets.*} and {env.*}. The skill package itself does not request credentials, which is appropriate for a generic spec library, but users will need to supply relevant credentials when running generated specs. Be cautious about which secrets you provide to any runtime that executes specs built from these documents.
Persistence & Privilege
The skill is not always-installed and does not declare elevated privileges. It does not modify other skills or system-wide agent configuration. The documentation describes persisting sync state as part of normal replication workflows — expected for this domain.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install sling-api-specs - 安装完成后,直接呼叫该 Skill 的名称或使用
/sling-api-specs触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the sling-api-specs skill.
- Provides tools and documentation to build REST API specifications for Sling data extraction.
- Supports multiple authentication methods, complex pagination, response processing, rate limiting, and endpoint chaining.
- Includes YAML spec structure examples and operations for parsing and testing API specs.
- Offers detailed topic-based reference guides for authentication, request/response handling, pagination, variable scopes, and more.
元数据
常见问题
Slingdata.io API Spec 是什么?
Build REST API specifications for Sling data extraction. Use when creating API specs, configuring authentication (OAuth, API key, Bearer token, HMAC), settin... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 431 次。
如何安装 Slingdata.io API Spec?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install sling-api-specs」即可一键安装,无需额外配置。
Slingdata.io API Spec 是免费的吗?
是的,Slingdata.io API Spec 完全免费(开源免费),可自由下载、安装和使用。
Slingdata.io API Spec 支持哪些平台?
Slingdata.io API Spec 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Slingdata.io API Spec?
由 Fritz Larco(@flarco)开发并维护,当前版本 v1.0.0。
推荐 Skills