Api Bridge

v1.0.0

Curated free public APIs for AI agents — geocoding, weather, forex, validation, facts, finance, and test data. Use when an agent needs real-world data withou...

⭐ 0· 92·0 current·0 all-time

byAlex@alexuser

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

medium confidence

✓

Purpose & Capability

Name/description match the content: SKILL.md is a catalog of free public APIs with endpoint patterns and curl examples. The skill does not request unrelated credentials or binaries.

ℹ

Instruction Scope

Instructions are limited to making HTTP requests (curl examples) to public APIs. However, some examples (e.g., ipapi.co/json) reveal the caller's public IP (the text even labels it as your sandbox egress IP). Calling arbitrary URL metadata endpoints (urlmeta) or image endpoints with user-supplied URLs can expose the agent environment to SSRF-like risks or leak infrastructure details; the doc does not explicitly warn about sanitizing user-provided URLs.

✓

Install Mechanism

No install spec or code files are present (instruction-only), so nothing is written to disk or installed.

✓

Credentials

The skill requests no environment variables or credentials. The recommended User-Agent header is purely informational and appropriate for Nominatim usage.

✓

Persistence & Privilege

Skill is not always-enabled and is user-invocable; it does not request persistent privileges or attempt to modify other skills or system configuration.

Assessment

This skill is largely safe and coherent: it's a cookbook of free APIs and curl examples and does not ask for secrets. Before installing/use: 1) verify specific endpoints you plan to use — some entries may be out-of-date or require API keys in practice (e.g., double-check Polygon.io and any finance APIs); 2) respect rate limits and terms of service (Nominatim has strict usage policy and rate limits); 3) be aware that calls like ipapi.co/json reveal the agent's public/egress IP and that invoking URL-metadata endpoints on user-controlled URLs can cause SSRF or contact internal resources if the agent runs in an environment with network access; sanitize user-provided URLs and run tests from an isolated environment if privacy is a concern; 4) prefer server-side usage for endpoints marked non-CORS. If you need higher assurance, ask the publisher for a short changelog or evidence that listed APIs were recently validated.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fk9jmpfzwtpcsd27z82dr99837h9r

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Api Bridge

License

Comments