APIClaw
Warn
Audited by ClawScan on May 10, 2026.
Overview
APIClaw is transparent about being an API-calling tool, but it gives agents broad power to call external services, use account credentials, and proxy full request payloads without clearly documented per-action guardrails.
Install only if you want an agent to perform broad external API calls. Prefer your own narrowly scoped test credentials, pin and audit the npm package first, require manual approval for mutating or paid actions, and do not send sensitive prompts or messages through the NordSym proxy.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could make real changes or send real messages through connected services if given broad credentials or if the proxy path is used.
The documented tool can invoke many external services, including mutating, cost-incurring, messaging, and code-execution workflows, but the artifact does not describe approval gates, action limits, budgets, or rollback boundaries.
`direct_call` | Execute API calls through APIClaw ...
GitHub | Repos, issues, code search, file operations ...
Resend | Transactional email API ...
Twilio | Global SMS & voice ...
E2B | Secure code sandbox — run Python, JS, any language
Use this only with explicit per-call review for high-impact actions, restrict providers/actions where possible, and avoid letting the agent make GitHub, SMS, voice, or email changes without confirmation.
If powerful tokens are supplied, the agent may be able to act as the user or organization on third-party services.
The skill expects access to multiple provider credentials that can carry account-level authority. The artifacts list the credentials, but do not specify least-privilege token scopes, read-only modes, spending limits, or safeguards for credential-backed actions.
configPaths: `~/.secrets/github.env`, `~/.secrets/twilio.env`, `~/.secrets/resend.env` ...
envVars: `GITHUB_TOKEN`, `TWILIO_AUTH_TOKEN`, `RESEND_API_KEY`, `OPENROUTER_API_KEY`
Use dedicated low-privilege test credentials, read-only or narrowly scoped tokens where possible, separate billing-limited accounts, and avoid production tokens unless the workflow is carefully controlled.
Sensitive prompts, message content, or API parameters could be visible to the proxy operator when using the fallback path.
The proxy data path is clearly disclosed, but it means prompts, messages, and API parameters may be sent to NordSym when local provider credentials are not configured.
Without credentials (using proxy): The full request payload goes through APIClaw's proxy. This includes: API parameters, Message content, Prompts ... The proxy uses NordSym's credentials to execute on your behalf.
Configure your own provider credentials before sending sensitive data, and treat proxy mode as suitable only for testing or non-sensitive exploration.
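The approval gate and proxy-fallback checks recommended in the first and third findings can be enforced locally before any `direct_call` reaches the tool. The following is an added example written for this review, not code from APIClaw or ClawScan; the provider classification, action verbs, and the `sensitive` flag are assumptions, since the reviewed artifacts do not name the tool's real action identifiers.

```python
from dataclasses import dataclass, field

# Assumed classification of the providers listed in the audit: these actions
# send messages, cost money, or execute code, so they need a human gate and a budget.
PAID_OR_MESSAGING = {"twilio", "resend", "e2b"}
# Assumed prefixes that identify read-only actions (e.g. GitHub search/list).
READ_ONLY_VERBS = ("get", "list", "search", "read")

@dataclass
class DirectCall:
    provider: str
    action: str               # hypothetical names such as "search_code", "send_sms"
    sensitive: bool = False   # caller marks prompts or message bodies as sensitive

@dataclass
class Gate:
    local_credentials: set                          # providers with our own token configured
    budget: dict = field(default_factory=dict)      # remaining approved paid calls per provider

    def evaluate(self, call: DirectCall) -> str:
        """Return 'allow', 'require_approval', or 'deny:<reason>' for one call."""
        provider = call.provider.lower()
        # Finding 3: with no local credential the full payload transits the NordSym proxy,
        # so sensitive content is refused and anything else needs explicit sign-off.
        if provider not in self.local_credentials:
            if call.sensitive:
                return "deny:sensitive payload would transit the proxy"
            return "require_approval"
        # Finding 1: messaging, paid and code-execution actions are gated and budgeted.
        if provider in PAID_OR_MESSAGING:
            if self.budget.get(provider, 0) <= 0:
                return "deny:budget exhausted for " + provider
            return "require_approval"
        # Other providers (e.g. GitHub): reads pass, mutating actions need approval.
        if call.action.lower().startswith(READ_ONLY_VERBS):
            return "allow"
        return "require_approval"

    def approve(self, call: DirectCall) -> None:
        """Record a human approval and consume one unit of the provider's paid budget."""
        provider = call.provider.lower()
        if provider in PAID_OR_MESSAGING:
            self.budget[provider] = self.budget.get(provider, 0) - 1
```

A wrapper around the MCP client would call `evaluate` first and only forward the request on `allow`, or on `require_approval` after a person confirms and `approve` is recorded.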
You would be trusting the npm package version that `npx` resolves when you run it, not code reviewed in this artifact bundle.
The reviewed artifact set is instruction-only while the functional MCP server is obtained from npm at runtime. This is user-directed and disclosed, but the package code is not included in the supplied artifacts and the command is unpinned.
Installation

```bash
npx @nordsym/apiclaw
```
Audit the npm/GitHub source, pin an expected package version, and install from a trusted source before granting credentials or using sensitive data.
