ClawHub

API KISS

v1.0.1

Access weather, IP geolocation, SMS, email, crypto prices, QR codes, Danish CVR, Whois, phone lookup, UUID, stock data, passwords, and more via the API KISS...

2· 60·0 current·0 all-time
byPeter Theill@theill
Security Scan
Capability signals
CryptoRequires OAuth tokenRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description promise (a single gateway to many small services) matches the declared requirement: one API key (APIKISS_API_KEY). No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md confines actions to calling https://www.apikiss.com/api/v1/ endpoints with a Bearer token. however it states "Method: GET for all endpoints (parameters are query strings)" but later asks to send a JSON body for /password/validate — this is inconsistent. Many endpoints perform write actions (SMS, email) that will transmit user-provided content to an external service (expected for this skill but a privacy/abuse consideration). /ip returns the agent's public IP (expected) and query-string-based send endpoints may expose content in logs.
Install Mechanism
Instruction-only skill with no install spec, no code files, and no downloads — minimal installation risk (nothing is written to disk by the skill itself).
Credentials
Only APIKISS_API_KEY is required (appropriate), but that single credential grants broad capabilities (sending SMS/email, performing lookups, generating content) and may incur costs or be abused if leaked. The manifest doesn't request unrelated secrets.
Persistence & Privilege
Skill is not always-enabled and uses normal autonomous invocation. It does not request persistent system-level privileges or access to other skills' configurations.
Assessment
This skill appears to do what it says: it proxies many small services through one API key. Before installing: (1) Treat APIKISS_API_KEY as sensitive — it can send SMS/emails and perform lookups, and could incur costs or enable abuse if leaked. (2) Confirm provider pricing, rate limits, and acceptable-use policy. (3) Ask the maintainer/provider to clarify the GET vs JSON inconsistency (e.g., /password/validate) and whether message bodies are sent in query strings (which can be logged). (4) Prefer creating a scoped or low-privilege key if provider supports it, and rotate the key if you test with real data. (5) Avoid sending sensitive personal data through the skill unless you have reviewed the provider's privacy/security practices.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

💋 Clawdis
EnvAPIKISS_API_KEY
Primary envAPIKISS_API_KEY
latestvk97b68my60mf48yncqn8m82v6184vfnr
60downloads
2stars
2versions
Updated 4d ago
v1.0.1
MIT-0
Peter Theill@theill
latest
Download

API KISS

Use the API KISS unified gateway to call dozens of services through one consistent API with Bearer token auth.

API KISS queries multiple upstream providers in parallel for read operations (returning the fastest response) and uses smart fallback for write operations (trying alternative providers on failure).

Setup

Set your API key as an environment variable:

APIKISS_API_KEY=your_token_here

All requests use:

  • Base URL: https://www.apikiss.com/api/v1/
  • Auth header: Authorization: Bearer $APIKISS_API_KEY
  • Method: GET for all endpoints (parameters are query strings)

Available Endpoints

EndpointDescriptionRequired Params
/weatherCurrent weather by coordinateslatitude, longitude
/ipYour IP address(none)
/smsSend SMS worldwidephone, message
/flash-smsSend flash SMS (appears on screen instantly)to, message
/emailSend email (HTML or plain text)to, subject, + body or html
/cryptoReal-time cryptocurrency price in USDsymbol
/cvrDanish Business Registry lookupquery
/whoisDomain registration infodomain
/phone-lookupValidate phone number, carrier, type, countryphone
/uuidGenerate a UUID v4 (free)(none)
/stockReal-time stock quotesymbol
/timeCurrent time at coordinateslatitude, longitude
/passwordGenerate a secure passwordlength (optional)
/password/validateCheck password strength (score 0-4)password (JSON body)
/photoGet a random photo URL(none)
/qr-codeGenerate QR code (binary PNG/SVG) (free)data
/qr-code/generateGenerate QR code (JSON with base64 image) (free)data
/chuck-norris-factsRandom Chuck Norris fact (free)(none)

Endpoint Details

Weather — GET /weather

Returns current conditions: temperature (Celsius + Kelvin), humidity, pressure, visibility, and summary.

ParamTypeRequiredDescription
latitudenumberyesLatitude of the location
longitudenumberyesLongitude of the location

IP — GET /ip

Returns your current IP address. No parameters needed.

SMS — GET /sms

Sends an SMS message. Returns { "success": true }.

ParamTypeRequiredDescription
phonestringyesRecipient phone number (e.g. +4512345678)
messagestringyesMessage text

Flash SMS — GET /flash-sms

Sends a flash SMS that appears directly on the recipient's screen. Returns message_id and status.

ParamTypeRequiredDescription
tostringyesRecipient phone number
messagestringyesMessage text

Email — GET /email

Sends an email via providers like Resend. Returns success, provider, and message_id.

ParamTypeRequiredDescription
tostringyesRecipient email address
subjectstringyesEmail subject line
bodystringconditionalPlain text body (required if html not provided)
htmlstringconditionalHTML body (required if body not provided)
fromstringnoSender address (defaults to noreply@apikiss.com)

Crypto — GET /crypto

Returns the current price in USD, averaged from multiple exchanges.

ParamTypeRequiredDescription
symbolstringyesCryptocurrency symbol (e.g. BTC, ETH)

CVR — GET /cvr

Danish Business Registry. Returns company name, CVR number, address, phone, email, country.

ParamTypeRequiredDescription
querystringyesCompany name or CVR number

Whois — GET /whois

Domain registration details (registrar, dates, nameservers).

ParamTypeRequiredDescription
domainstringyesDomain name (e.g. example.com)

Phone Lookup — GET /phone-lookup

Validates a phone number. Returns validity, country, carrier, and line type.

ParamTypeRequiredDescription
phonestringyesPhone number to look up

UUID — GET /uuid

Generates a cryptographically secure UUID v4. No parameters. Free tier.

Stock — GET /stock

Returns the current stock price.

ParamTypeRequiredDescription
symbolstringyesStock ticker symbol (e.g. AAPL)

Time — GET /time

Returns the current time at the given coordinates as an ISO 8601 timestamp.

ParamTypeRequiredDescription
latitudenumberyesLatitude
longitudenumberyesLongitude

Password — GET /password

Generates a secure random password.

ParamTypeRequiredDescription
lengthintegernoDesired password length

Password Validate — GET /password/validate

Checks password strength. Returns a score (0–4) and feedback with suggestions. Send a JSON body: { "password": "MySecurePassword123!" }

Photo — GET /photo

Returns a random photo URL. No parameters.

QR Code (binary) — GET /qr-code

Returns a raw PNG or SVG image file directly.

ParamTypeRequiredDescription
datastringyesText/URL to encode
sizeintegernoSize in pixels (32–1024)
output_formatstringnopng or svg
error_correctionstringnol, m, q, or h
foregroundstringnoHex color (e.g. #ff0000)
backgroundstringnoHex color (e.g. #ffffff)

QR Code (JSON) — GET /qr-code/generate

Returns JSON with base64-encoded image data. Same parameters as above.

Chuck Norris Facts — GET /chuck-norris-facts

Returns a random Chuck Norris fact. No parameters. Free tier.

Usage Examples

Weather

curl "https://www.apikiss.com/api/v1/weather?latitude=55.6761&longitude=12.5683" \
  -H "Authorization: Bearer $APIKISS_API_KEY"

IP

curl "https://www.apikiss.com/api/v1/ip" \
  -H "Authorization: Bearer $APIKISS_API_KEY"

Send SMS

curl "https://www.apikiss.com/api/v1/sms?phone=%2B4512345678&message=Hello+from+OpenClaw!" \
  -H "Authorization: Bearer $APIKISS_API_KEY"

Send Email

curl "https://www.apikiss.com/api/v1/email?to=recipient%40example.com&subject=Hello&body=Hi+there" \
  -H "Authorization: Bearer $APIKISS_API_KEY"

Crypto Price

curl "https://www.apikiss.com/api/v1/crypto?symbol=BTC" \
  -H "Authorization: Bearer $APIKISS_API_KEY"

Danish CVR Lookup

curl "https://www.apikiss.com/api/v1/cvr?query=Novo+Nordisk" \
  -H "Authorization: Bearer $APIKISS_API_KEY"

QR Code (save as PNG)

curl "https://www.apikiss.com/api/v1/qr-code?data=https%3A%2F%2Fexample.com&size=256" \
  -H "Authorization: Bearer $APIKISS_API_KEY" -o qr.png

Generate Password

curl "https://www.apikiss.com/api/v1/password?length=20" \
  -H "Authorization: Bearer $APIKISS_API_KEY"

Stock Quote

curl "https://www.apikiss.com/api/v1/stock?symbol=AAPL" \
  -H "Authorization: Bearer $APIKISS_API_KEY"

UUID

curl "https://www.apikiss.com/api/v1/uuid" \
  -H "Authorization: Bearer $APIKISS_API_KEY"

External Endpoints

All requests go to: https://www.apikiss.com/api/v1/*

Data sent includes only the query parameters you provide (e.g. coordinates, phone number, symbol). Your APIKISS_API_KEY is sent as a Bearer token in the Authorization header and never logged locally.

Security & Privacy

  • Your API key stays in your environment — never in prompts or logs.
  • Only the data you explicitly pass as parameters leaves your machine.
  • API KISS does not store request payloads.

Trust Statement

By using this skill, queries are sent to https://www.apikiss.com. Only install if you trust apikiss.com with the data you pass to it.

Comments

Loading comments...