rapidapi

Status: Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: rapidapi
Version: 0.1.0

The skill functions as a universal RapidAPI client but contains risky credential-handling logic. Specifically, lib/engine.js is designed to attach the 'X-RapidAPI-Key' to requests, and while it includes a host-validation check, the 'allowNonRapidApiHosts' setting (which defaults to true in index.js and config.example.json) allows the sensitive API key to be sent to any arbitrary host provided in the input. While no clear evidence of intentional malice or hardcoded exfiltration endpoints was found, the capability to direct credentials to non-RapidAPI infrastructure via user-controlled or agent-controlled input poses a high risk of accidental or forced credential leakage.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your RapidAPI key could be disclosed to an unintended HTTPS host or used against APIs you did not mean to authorize.

Why it was flagged

The request destination is derived from input.host, and the RapidAPI key is attached to that request. With the skill's default non-RapidAPI host allowance, a mistaken or manipulated direct call can send the key outside the intended provider boundary.

Skill content

    const url = new URL(`https://${input.host}${input.path}`);
    ...
    "X-RapidAPI-Key": rapidApiKey,
    "X-RapidAPI-Host": input.host

Recommendation

Default to an explicit host allowlist or set allowNonRapidApiHosts=false where possible, and require user approval before calling any new host.

What this means

An agent could make POST, PUT, DELETE, or other mutation-capable requests to third-party APIs using your RapidAPI key if prompted or misled.

Why it was flagged

The engine executes caller-selected HTTP methods and bodies through fetch. This broad escape hatch bypasses the safer template action flow and can perform state-changing API calls.

Skill content

    const method = (input.method || "GET").toUpperCase();
    ...
    response = await fetch(url.toString(), { method, headers, body, signal: controller.signal });

Recommendation

Restrict the direct entrypoint, implement a method allowlist, prefer reviewed templates, and require explicit confirmation for non-GET or non-template calls.

What this means

Users may believe stronger safety controls are enforced than the supplied code actually provides.

Why it was flagged

The README presents these as security defaults, but the provided engine accepts the caller's method and does not show a body-size check; only the timeout limit is clearly implemented.

Skill content

- Method allow-list
- Body size and timeout limits

Recommendation

Either implement the documented method and body-size limits or update the documentation to accurately describe the real safeguards and defaults.