Nango API Integration

Connect AI agents to 700+ external APIs using Nango. Handles OAuth, authentication flows, and tool calling for any API. Use when integrating agents with exte...

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 0 · 28 · 0 current installs · 0 all-time installs

by@engsathiago

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The skill's name, description, SKILL.md, and example code are coherent: they implement a Nango-based proxy for many external APIs and show OAuth/API-key patterns that match the stated purpose. However, the declared metadata does not list the environment variables (e.g., NANGO_SECRET_KEY, NANGO_HOST) that the instructions and scripts require, and there is no homepage or source URL to validate provenance—this mismatch is notable.

✓

Instruction Scope

The runtime instructions and example scripts remain within the stated scope: creating connections, exchanging OAuth codes, setting API keys, and proxying API calls via Nango. They do not instruct the agent to read unrelated system files or send data to unknown endpoints beyond Nango and configured providers.

✓

Install Mechanism

There is no install spec (instruction-only), and included scripts suggest using the public 'nango' package via pip/npm. No arbitrary downloads or archive extraction is present in the skill bundle itself. Risk is limited to whatever the upstream 'nango' packages do when installed — verify those packages' sources before installing.

Credentials

The SKILL.md and scripts require NANGO_SECRET_KEY (and optionally NANGO_HOST) but the skill's declared requirements list zero required environment variables and no primary credential. That omission is disproportionate/unexpected and could lead to accidental deployment without informing users what secrets will be used. Also, because the tool can proxy arbitrary provider endpoints, supplying a NANGO_SECRET_KEY effectively grants the skill the ability to access many downstream services — treat that as high-impact sensitive access.

ℹ

Persistence & Privilege

The skill is not forced-always and does not request elevated platform privileges. It does provide code (and guidance) for an agent tool that can make arbitrary proxied API calls; if the agent is allowed to invoke the skill autonomously, that increases the blast radius (normal for integration skills). Consider limiting autonomous invocation and scoping tokens appropriately.

What to consider before installing

This skill appears to be a straightforward Nango integration, but there are two practical red flags: the metadata does not declare the environment variables the instructions and scripts expect (NANGO_SECRET_KEY, NANGO_HOST), and there is no homepage/source URL to verify the publisher. Before installing or giving it secrets: 1) Confirm the publisher and source code (verify on nango.dev or a trusted repo). 2) Do not use production secrets for initial testing—use a throwaway key or a self-hosted Nango instance. 3) Limit scopes and permissions on any OAuth clients and API keys you register. 4) Audit logs on your Nango account to track calls made by the agent. 5) If you want to allow autonomous calls, constrain which providers/actions the agent can invoke. If the publisher can provide a homepage/repo and the metadata is updated to declare required env vars (and a reasonable primary credential), the incoherence would be resolved.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0

Download zip

agentsvk9705vyy2vq0abawhcmheyw3nh830fgaapivk9705vyy2vq0abawhcmheyw3nh830fgaexternal-servicesvk9705vyy2vq0abawhcmheyw3nh830fgaintegrationvk9705vyy2vq0abawhcmheyw3nh830fgalatestvk9705vyy2vq0abawhcmheyw3nh830fgaoauthvk9705vyy2vq0abawhcmheyw3nh830fga

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Nango API Integration for AI Agents

Nango provides unified API access for AI agents with OAuth handling, 700+ pre-built integrations, and MCP server support. This skill helps you connect your agent to any external API.

Why Nango for Agents?

700+ APIs pre-integrated - No need to build each integration from scratch
2800+ pre-built actions - Ready-to-use API operations
MCP servers per app - Model Context Protocol support
1:1 API access - No abstraction layer, you see exact API requests
White-label OAuth - Embeddable auth flows
Any backend language - Works with Python, Node, etc.
AI-generated code - Write integration logic with AI

Quick Start

Step 1: Create Nango Account

Go to https://nango.dev
Sign up for a free account
Create a new project
Get your API key from Settings

Step 2: Install Nango SDK

# Python
pip install nango

# Node.js
npm install @nangohq/node-client

Step 3: Configure Environment

Add to your environment:

NANGO_SECRET_KEY=your-secret-key-here
NANGO_HOST=https://api.nango.dev  # or self-hosted

Integration Patterns

Pattern 1: OAuth Flow

For APIs requiring OAuth (Google, Slack, GitHub, etc.):

from nango import Nango

nango = Nango()

# Get OAuth URL
auth_url = nango.get_auth_url(
    provider="google",
    redirect_uri="https://your-app.com/callback"
)

# User visits auth_url, authorizes, returns with code
# Exchange code for connection
connection = nango.create_connection(
    provider="google",
    code="auth_code_from_callback",
    connection_id="user-google-123"
)

# Now make API calls
result = nango.proxy(
    provider="google",
    endpoint="/gmail/v1/users/me/messages",
    connection_id="user-google-123"
)

Pattern 2: API Key

For APIs using API keys (Stripe, OpenAI, etc.):

from nango import Nango

nango = Nango()

# Set API key for provider
nango.set_credentials(
    provider="stripe",
    connection_id="user-stripe-123",
    credentials={"api_key": "sk_test_xxx"}
)

# Make calls
customers = nango.proxy(
    provider="stripe",
    endpoint="/v1/customers",
    connection_id="user-stripe-123"
)

Pattern 3: MCP Server

For Model Context Protocol integration:

# Get MCP server configuration for a provider
mcp_config = nango.get_mcp_server(
    provider="github",
    connection_id="user-github-123"
)

# Use with MCP-compatible agents
# The config includes tools, resources, and prompts

Popular API Integrations

Provider	Use Case	Auth Type
Google	Gmail, Calendar, Drive	OAuth
Slack	Messages, Channels	OAuth
GitHub	Repos, Issues, PRs	OAuth
Salesforce	CRM Data	OAuth
Stripe	Payments	API Key
Notion	Notes, Databases	OAuth
Linear	Issues, Projects	OAuth
HubSpot	CRM, Marketing	OAuth

Creating Custom Integrations

Template for New Provider

// integrations/my-custom-api.ts
import { NangoIntegration } from '@nangohq/types';

export default NangoIntegration({
  // Provider name
  provider: 'my-custom-api',
  
  // Authentication type
  auth: {
    type: 'api_key', // or 'oauth2', 'basic'
    credentials: {
      api_key: { type: 'string', required: true }
    }
  },
  
  // Available actions
  actions: {
    list_items: {
      endpoint: '/items',
      method: 'GET',
      output: { type: 'array' }
    },
    create_item: {
      endpoint: '/items',
      method: 'POST',
      input: { type: 'object' },
      output: { type: 'object' }
    }
  }
});

Deploy Custom Integration

# Deploy to Nango
nango deploy integrations/my-custom-api.ts

Error Handling

from nango import Nango, NangoError

try:
    result = nango.proxy(
        provider="github",
        endpoint="/repos/owner/repo/issues",
        connection_id="user-github-123"
    )
except NangoError as e:
    if e.code == "auth_expired":
        # Re-authorize
        auth_url = nango.get_auth_url("github")
        print(f"Please re-authorize: {auth_url}")
    elif e.code == "rate_limited":
        # Wait and retry
        time.sleep(e.retry_after)
    else:
        raise

Best Practices for Agents

1. Connection Management

Store connection IDs with user context
Check connection health before operations
Implement re-auth flows automatically

2. Error Recovery

Handle rate limits gracefully
Cache frequently accessed data
Provide clear error messages to users

3. Security

Never expose API keys in prompts
Use environment variables for secrets
Implement permission scoping

4. Performance

Batch operations when possible
Use webhooks instead of polling
Implement request caching

MCP Integration for OpenClaw

To use Nango with OpenClaw agents:

# In your OpenClaw skill or tool
from nango import Nango

class NangoTool:
    def __init__(self):
        self.nango = Nango()
    
    def call_api(self, provider: str, endpoint: str, connection_id: str, **params):
        """Generic API calling tool for any provider."""
        return self.nango.proxy(
            provider=provider,
            endpoint=endpoint,
            connection_id=connection_id,
            params=params
        )
    
    def list_providers(self):
        """List all available providers."""
        return self.nango.list_providers()
    
    def get_provider_actions(self, provider: str):
        """Get available actions for a provider."""
        return self.nango.get_actions(provider)

Common Issues

Issue: "Connection not found"

Ensure connection_id matches what was created
Check if credentials expired

Issue: "Provider not supported"

Check full list at https://nango.dev/integrations
Create custom integration for unsupported providers

Issue: "Rate limited"

Implement exponential backoff
Consider upgrading Nango plan

Resources

Nango Dashboard: https://app.nango.dev
Documentation: https://docs.nango.dev
Integration Catalog: https://nango.dev/integrations
GitHub: https://github.com/NangoHQ/nango
Community: https://nango.dev/community

Pricing

Free Tier: 10,000 API calls/month
Pro: $49/month for 100,000 calls
Enterprise: Custom pricing for unlimited

Free tier is sufficient for development and small projects.

Files

4 total

Select a file

Select a file to preview.

Comments

Loading comments…