MindStudio To API Custom Function Skill

Pass

Audited by ClawScan on May 10, 2026.

Overview

This instruction-only skill coherently helps generate MindStudio API-integration code, but users should review generated API calls and credential use before running them.

This skill appears purpose-aligned and instruction-only. Before using generated MindStudio code, verify the API endpoint, HTTP method, credential scope, and output variables, and avoid sending or storing sensitive data unless the destination API and workflow storage are appropriate.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A generated function could create, update, or retrieve data from an external service depending on the API endpoint and method the user chooses.

Why it was flagged

The skill generates code that can call user-specified external endpoints with different HTTP methods. This is central to the purpose, but users should confirm the method and endpoint are safe before running generated code.

Skill content

API endpoint — the full URL to call ... HTTP method — GET, POST, etc. ... Use `await fetch(...)` for HTTP calls

Recommendation

Review the generated URL, HTTP method, headers, request body, and error handling before pasting it into MindStudio, especially for payment, CRM, production, or delete/update endpoints.

What this means

The generated function will be able to act with whatever permissions are attached to the API key or token the user provides.

Why it was flagged

The skill expects API credentials for the user-selected provider, but it explicitly directs generated configs to use MindStudio secret fields rather than plain text.

Skill content

Authentication — API key header name, Bearer token, Basic auth, OAuth, or none ... Use `"secret"` type for API keys — never `"text"`

Recommendation

Use scoped, least-privilege API keys when possible, avoid production admin tokens for testing, and revoke keys that are no longer needed.

What this means

Workflow data may be transmitted to the selected API provider, and returned data may remain available in MindStudio workflow variables.

Why it was flagged

The template sends workflow inputs to an external API and stores the API response, including a raw JSON output, into workflow variables.

Skill content

body: JSON.stringify({ field: inputVal, option: optional }) ... ai.vars[ai.config.outputRaw]   = JSON.stringify(data);

Recommendation

Only send data appropriate for the chosen provider, check provider privacy requirements, and avoid storing full raw responses if they may contain sensitive information.