ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OnlyFans API Access

v1.0.0

Query OnlyFans data and analytics via the OnlyFansAPI.com platform. Get revenue summaries across all models, identify top-performing models, analyze Free Trial and Tracking Link conversion rates, compare link earnings, and much more! Use when users ask about anything related to OnlyFans.

2· 1.7k·0 current·0 all-time
by@martingalovic
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md purpose (query OnlyFansAPI.com for agency analytics) matches the curl/jq workflows in the instructions. However the registry metadata does not declare the single required environment variable (ONLYFANSAPI_API_KEY) or a primary credential, which is inconsistent with the documented runtime needs.
Instruction Scope
Runtime instructions are narrowly scoped to calling https://app.onlyfansapi.com endpoints, paginating, and aggregating responses; they do not instruct reading arbitrary user files or sending data to other endpoints. They do require network access and use of curl/jq. The header 'allowed-tools: Read' is present but the instructions do not enumerate any file reads beyond reading the ONE env var.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk or downloaded during install — lowest install risk.
!
Credentials
The SKILL.md requires ONLYFANSAPI_API_KEY (Authorization: Bearer $ONLYFANSAPI_API_KEY) which is exactly the kind of secret expected for this integration. However the registry metadata incorrectly lists no required env vars and no primary credential — an incoherence that could be accidental but also hides the credential requirement from automated reviewers. No other unrelated credentials are requested.
Persistence & Privilege
Skill does not request always:true, does not modify other skills or system settings, and runs only when invoked — no elevated persistence or privilege is requested.
What to consider before installing
This skill appears to do what it says (call OnlyFansAPI.com), but exercise caution before installing: the SKILL.md requires ONLYFANSAPI_API_KEY but the registry metadata omits that — verify with the publisher. Because the skill will use your API key and network access to app.onlyfansapi.com, only provide a key if you trust OnlyFansAPI.com (and prefer a scoped or read-only key for testing). Check that the agent is restricted to the expected domain, confirm the skill's publisher/source (there is no homepage), and ask the author to correct the registry to declare ONLYFANSAPI_API_KEY as the primary credential so automated checks and permissions are accurate.

Like a lobster shell, security has layers — review code before you run it.

latestvk97aqern6g6pbr951f7zk4nkzd80axwe
1.7kdownloads
2stars
1versions
Updated 6h ago
v1.0.0
MIT-0
@martingalovic
latest
Download

OnlyFans API Skill

This skill queries the OnlyFansAPI.com platform to answer questions about OnlyFans agency analytics — revenue, model performance, and link conversion metrics.

Prerequisites

The user must set the environment variable ONLYFANSAPI_API_KEY with their API key from https://app.onlyfansapi.com/api-keys.

If the key is not set, remind the user:

Export your OnlyFansAPI key:
  export ONLYFANSAPI_API_KEY="your_api_key_here"

API Basics

  • Base URL: https://app.onlyfansapi.com
  • Auth header: Authorization: Bearer $ONLYFANSAPI_API_KEY
  • All dates use URL-encoded format: YYYY-MM-DD HH:MM:SS
  • If not specific time is specified use start of day or end of day (for date range ending date)
  • Pagination: use limit and offset query params. Check hasMore or _pagination.next_page in responses.
  • Whenever possible use User-Agent with value: OnlyFansAPI-Skill
  • Try your best to infer schema from the example response of the endpoint. Eg "data.total.total" for earnings scalar value from endpoint.

Workflows

1. Get revenue of all models for the past N days

Steps:

  1. List all connected accounts:

    curl -s -H "Authorization: Bearer $ONLYFANSAPI_API_KEY" \
  "https://app.onlyfansapi.com/api/accounts" | jq .

    Each account object has "id" (e.g. "acct_xxx"), "onlyfans_username", and "display_name".

  2. For each account, get earnings:

    START=$(date -u -v-7d '+%Y-%m-%d+00%%3A00%%3A00')  # macOS
# Linux: START=$(date -u -d '7 days ago' '+%Y-%m-%d+00%%3A00%%3A00')
END=$(date -u '+%Y-%m-%d+23%%3A59%%3A59')

curl -s -H "Authorization: Bearer $ONLYFANSAPI_API_KEY" \
  "https://app.onlyfansapi.com/api/{account_id}/statistics/statements/earnings?start_date=$START&end_date=$END&type=total" | jq .

    Response fields:

    • data.total — net earnings
    • data.gross — gross earnings
    • data.chartAmount — daily earnings breakdown array
    • data.delta — percentage change vs. prior period

  3. Summarize: Present a table of each model's display name, username, net revenue, and gross revenue. Sum the totals.

2. Which model is performing the best

Use the same workflow as above. Rank models by data.total (net earnings) descending. The model with the highest value is the best performer.

Optionally also pull the statistics overview for richer context:

curl -s -H "Authorization: Bearer $ONLYFANSAPI_API_KEY" \
  "https://app.onlyfansapi.com/api/{account_id}/statistics/overview?start_date=$START&end_date=$END" | jq .

This adds subscriber counts, visitor stats, post/message earnings breakdown.

3. Which Free Trial Link has the highest conversion rate (subscribers → spenders)

  1. List free trial links:

    curl -s -H "Authorization: Bearer $ONLYFANSAPI_API_KEY" \
  "https://app.onlyfansapi.com/api/{account_id}/trial-links?limit=100&offset=0&sort=desc&field=subscribe_counts&synchronous=true" | jq .

    Key response fields per link:

    • id, trialLinkName, url
    • claimCounts — total subscribers who claimed the trial
    • clicksCounts — total clicks
    • revenue.total — total revenue from this link
    • revenue.spendersCount — number of subscribers who spent money
    • revenue.revenuePerSubscriber — average revenue per subscriber

  2. Calculate conversion rate:

    conversion_rate = spendersCount / claimCounts

    Rank links by conversion rate descending.

  3. Present results as a table: link name, claims, spenders, conversion rate, total revenue.

4. Which Tracking Link has the highest conversion rate

  1. List tracking links:

    curl -s -H "Authorization: Bearer $ONLYFANSAPI_API_KEY" \
  "https://app.onlyfansapi.com/api/{account_id}/tracking-links?limit=100&offset=0&sort=desc&sortby=claims&synchronous=true" | jq .

    Key response fields per link:

    • id, campaignName, campaignUrl
    • subscribersCount — total subscribers from this link
    • clicksCount — total clicks
    • revenue.total — total revenue
    • revenue.spendersCount — subscribers who spent
    • revenue.revenuePerSubscriber — avg revenue per subscriber
    • revenue.revenuePerClick — avg revenue per click

  2. Calculate conversion rate:

    conversion_rate = revenue.spendersCount / subscribersCount

  3. Present results as a table: campaign name, subscribers, spenders, conversion rate, total revenue, revenue per subscriber.

5. Which Free Trial / Tracking Link made the most money

Use the same listing endpoints above. Sort by revenue.total descending. Present the top links with their name, type (trial vs. tracking), total revenue, and subscriber/spender counts.

Multi-Account (Agency) Queries

For agency-level queries that span all models, always:

  1. First fetch all accounts via GET /api/accounts
  2. Loop through each account and gather the relevant data
  3. Aggregate and present combined results with per-model breakdowns

Earnings Type Filters

When querying GET /api/{account}/statistics/statements/earnings, the type parameter filters by category:

  • total — all earnings combined
  • subscribes — subscription revenue
  • tips — tips received
  • post — paid post revenue
  • messages — paid message revenue
  • stream — stream revenue

When In Doubt

If you are unsure about an endpoint, parameter, response format, or how to accomplish a specific task with the OnlyFans API, consult the official documentation at https://docs.onlyfansapi.com. The site contains full API reference details, guides, and examples for all available endpoints. Always check the docs before guessing.

Error Handling

  • If ONLYFANSAPI_API_KEY is not set, stop and ask the user to configure it.
  • If an API call returns a non-200 status, show the error message and HTTP status code.
  • If _meta._rate_limits.remaining_minute or remaining_day is 0, warn the user about rate limits.
  • If an account has "is_authenticated": false, note that the account needs re-authentication.

Output Formatting

  • Always present data in markdown tables for readability.
  • Include currency values formatted to 2 decimal places.
  • When showing percentages (conversion rates, deltas), format as XX.X%.
  • For multi-model summaries, include a Total row at the bottom.

Comments

Loading comments...