ClawHub

Api Integrator

v1.0.1

API integration and automation skill for connecting services, webhooks, and third-party platforms. Use when integrating APIs, building webhooks, syncing data...

0· 382·4 current·4 all-time
byYinanping@yinanping-cpu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description align with the included SKILL.md and scripts: the Python script implements endpoint testing, client generation, and basic auth/OAuth examples consistent with an API integrator. There are no unexpected dependencies, binaries, or config paths required.
Instruction Scope
SKILL.md restricts behavior to API testing, client generation, rate-limit handling and webhook testing. It advises using environment variables for credentials but does not instruct reading arbitrary local files. Note: the script logs requests/responses and printed logs could expose tokens or sensitive responses if those are returned by an API; be careful when testing endpoints that echo secrets.
Install Mechanism
No install spec; this is instruction-plus-script only. No downloads or archive extraction are performed by the skill itself, minimizing install-time risk.
Credentials
The skill declares no required environment variables or credentials. The SKILL.md and script demonstrate how to use common credentials (tokens, client_id/secret) but do not require or attempt to access unrelated secrets or services.
Persistence & Privilege
The skill is not always-enabled and does not request elevated persistence or modify other skills. It runs on demand and contains no code that writes persistent agent-level configuration.
Assessment
This skill appears to do what it says: make HTTP requests, test webhooks, and generate simple client code. Before using it: (1) review the full scripts yourself (or run in a sandbox) because the tool makes arbitrary network requests; (2) never supply production credentials to unknown third-party code — use throwaway/test credentials when exercising endpoints; (3) be aware logs and printed responses may contain sensitive data returned by APIs (tokens, user data) so avoid testing against endpoints that echo secrets; (4) confirm the truncated file in the provided manifest (the pasted script appears cut off) — fetch the complete source if you plan to rely on it in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk976s51hyrnytagjkw19gh88ms82e1pv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments