← 返回 Skills 市场
234
总下载
0
收藏
0
当前安装
10
版本数
在 OpenClaw 中安装
/install smart-api-connector
功能描述
Connect to any REST API using the agent's built-in web_fetch. Handles authentication headers, JSON payloads, error parsing, and retries. Use when: user wants...
使用说明 (SKILL.md)
Smart API Connector v3.0
Install: clawhub install smart-api-connector
REST API integration using built-in tools. No code, no curl, no dependencies.
Language
Detect from user's message language. Default: English.
Quick Start
User provides: API URL + what they want. Agent handles everything.
User: "Hent brukerinfo fra https://api.example.com/v1/users/123"
Agent runs:
web_fetch https://api.example.com/v1/users/123(with auth headers if provided)Returns parsed response.
Authentication
API Key in Header
web_fetch url --headers '{"Authorization": "Bearer KEY", "X-API-Key": "KEY"}'
API Key via Environment Variable
exec: API_KEY="your_key" curl -s -H "Authorization: Bearer $API_KEY" "https://..."
Session-only Keys
API keys provided in conversation are used in-session only. Never persisted to files.
Error Handling
| HTTP Status | Action |
|---|---|
| 200-299 | Parse and return response |
| 429 | Rate limited — wait and retry (max 3 retries) |
| 400 | Bad request — show error, suggest fix |
| 401/403 | Auth failed — check key, permissions |
| 404 | Not found — verify URL |
| 5xx | Server error — retry once, then report |
HTTP Methods
| Method | Use Case |
|---|---|
| GET | Fetch data |
| POST | Create data / send JSON body |
| PUT | Update data |
| DELETE | Remove data |
For POST/PUT: prompt user for JSON body if not provided.
Response Parsing
Always extract and present the useful parts. For JSON APIs:
Response:
Name: John
Email: [email protected]
Created: 2026-03-28
Raw: {first 200 chars if user wants detail}
Security
- Keys are session-only — never written to files
- Prefer environment variables over command-line args
- Scoped/test keys over production secrets
- Show user the exact request before executing (URL + method + headers, not the key value)
Quick Commands
| User says | Action |
|---|---|
| "query {url}" | GET request |
| "POST to {url}" | POST with body |
| "test API {url}" | Request + show response |
| "API health check" | GET and report status |
Guidelines for Agent
- Use web_fetch first — built-in, no dependencies
- Fall back to exec/curl only if web_fetch can't handle the request
- Never persist API keys — session only
- Show request before executing — confirm with user for POST/PUT/DELETE
- Parse responses — extract useful data, don't dump raw JSON
- Handle errors gracefully — retry on 429, explain 401/403
- Match user language in responses
What This Skill Does NOT Do
- Does NOT persist API keys or credentials
- Does NOT require npm packages or external tools
- Does NOT modify any local files
- Does NOT make requests without user knowledge (for POST/PUT/DELETE)
More by TommoT2
- workflow-builder-lite — Build and execute multi-step workflows
- context-brief — Persistent context survival across sessions
- setup-doctor — Diagnose and fix OpenClaw setup issues
Install the full suite:
clawhub install smart-api-connector workflow-builder-lite context-brief setup-doctor
安全使用建议
This instruction-only skill mostly does what it says: use web_fetch to call APIs, show and parse responses, and handle retries. Before installing or using it: 1) ask the publisher to clarify why the README says 'No curl' but also shows a curl fallback; confirm whether the agent will actually run shell execs and under what conditions. 2) Avoid pasting production API keys into chat; prefer short-lived or scoped test keys. 3) If you must use an environment variable, set it in a secure environment rather than sending it in conversation; the curl example (inline env + curl) can expose keys to process listings on some systems. 4) Confirm how the platform enforces the 'never persist API keys' promise if that matters to you. Overall the skill looks coherent with its stated purpose, but validate the curl fallback and secret-handling behavior before trusting it with sensitive credentials.
能力评估
Purpose & Capability
The name/description (connect to REST APIs, handle auth/JSON/retries) aligns with the SKILL.md content: it uses built-in web_fetch, supports auth headers, methods, error handling and response parsing as expected.
Instruction Scope
Instructions primarily use the agent's built-in web_fetch (appropriate). However the SKILL.md also instructs a fallback to exec/curl and shows an inline `exec: API_KEY="your_key" curl ...` example, which expands scope to running shell commands; this contradicts the earlier 'No curl, no dependencies' claim and grants the agent permission to run arbitrary shell execs when web_fetch 'can't handle' a request.
Install Mechanism
Instruction-only skill with no install spec and no files to write — minimal install risk.
Credentials
The doc references an API_KEY environment variable in examples, but the skill declares no required env vars. The env usage appears optional (user-supplied), which is reasonable, but the SKILL.md should have declared that API_KEY is an optional env var. Also the curl fallback pattern (inline env + curl) can expose secrets to process lists on some systems.
Persistence & Privilege
The skill is not always-enabled, does not request persistent presence, and explicitly claims not to persist keys or modify files. No installation-time privileges requested.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install smart-api-connector - 安装完成后,直接呼叫该 Skill 的名称或使用
/smart-api-connector触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v3.0.0
Simplified from 220 to 60 lines. web_fetch first, curl fallback. Clean auth patterns, error handling, no hardcoded prices.
v2.1.0
Concrete safe key patterns: env vars (preferred), stdin/heredoc, netrc file, PowerShell SecureString. Explicit forbidden pattern (no inline keys in args). All examples updated.
v2.0.0
Security audit: honest API key retention disclosure, removed hard curl dependency (agent exec with automatic fallback), removed misleading session-only guarantee, clearer security section with recommendations for scoped keys
v1.6.0
Fixed documentation ambiguity: replaced shell-variable placeholders with plain-text placeholders in curl examples to match session-only credential policy.
v1.5.0
Security: removed all negative credential storage references (bashrc, zshrc, SetEnvironmentVariable). Removed memory/ file tracking. All connections are session-only.
v1.4.0
Security: removed persistent env var storage (was writing to ~/.bashrc and SetEnvironmentVariable). API keys are now session-only. Removed USER.md access. Updated description.
v1.3.0
Security: hardened credential handling language, added homepage/provenance.
v1.2.0
Security: replaced npx clawhub@latest with clawhub install.
v1.1.0
Added cross-promotion: recommends workflow-builder-lite, setup-doctor, tommo-skill-guard.
v1.0.0
Initial release: Connect to any REST API without code. Supports GET/POST/PUT/DELETE with auto-retry, rate limiting, error parsing, and structured response formatting. 5 auth methods, environment variable storage, saved connections tracker. Free: 3 APIs. Pro: unlimited + advanced features.
元数据
常见问题
Smart API Connector 是什么?
Connect to any REST API using the agent's built-in web_fetch. Handles authentication headers, JSON payloads, error parsing, and retries. Use when: user wants... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 234 次。
如何安装 Smart API Connector?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install smart-api-connector」即可一键安装,无需额外配置。
Smart API Connector 是免费的吗?
是的,Smart API Connector 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Smart API Connector 支持哪些平台?
Smart API Connector 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Smart API Connector?
由 TommoT2(@tommot2)开发并维护,当前版本 v3.0.0。
推荐 Skills