Freeapi — Freeapi工具

Name: Freeapi — Freeapi工具
Author: splicer scorn

splicer scorn

Freeapi — Freeapi工具

v1.0.0

[AI辅助] Connect directly to any API using its OpenAPI spec with local API key storage, ensuring private, middleware-free requests from your machine.

0· 457·0 当前·0 累计

by @numbpill3d (splicer scorn)·MIT-0

API工具网络工具开发工具 AI模型访问

下载技能包

License

MIT-0

最后更新

2026/4/12

安全扫描

VirusTotal

可疑

查看报告

OpenClaw

可疑

medium confidence

The skill's code and instructions match its stated purpose (a local OpenAPI client that stores keys in .env), but it asks for and writes many unrelated API keys in plaintext and will read any environment variables heuristically — behavior that increases risk and deserves caution.

评估建议

This skill does what it claims — it runs locally, fetches OpenAPI specs, and will use API keys from your environment or save keys you provide into a .env file — but that same behavior can be risky. Before installing or using it: (1) avoid pasting highly privileged or long-lived master credentials; prefer scoped/least-privilege tokens. (2) Be aware keys are stored in plaintext .env in the working directory — consider using an encrypted secrets manager instead. (3) Only point the tool at OpenAPI s...

详细分析 ▾

ℹ 用途与能力

The name/description (direct OpenAPI client with local key storage) align with the included code (index.js) and SKILL.md: it loads specs, builds requests, and uses env vars for auth. There are no unrelated required binaries or external services declared. However, the skill lists many common services and implicitly encourages collecting many keys; while consistent, this breadth is larger than minimal.

⚠ 指令范围

SKILL.md explicitly instructs the agent to ask the user for API keys and to use a write/edit tool to append them to a local .env file. That is within the claimed feature set, but it expands the agent's runtime actions to collecting and permanently storing arbitrary credentials in plaintext. The instructions also give the agent discretion to prompt for missing keys automatically — which could lead to unnecessary key collection if not tightly constrained.

✓ 安装机制

No install spec; this is an instruction + code skill. package.json and dependencies are typical (commander, dotenv, inquirer, yaml). Nothing in the install surface downloads code from untrusted URLs or writes unexpected binaries.

⚠ 凭证需求

The skill declares no required env vars but the code will read process.env (after dotenv.config()) and uses a heuristic to map OpenAPI security scheme names to environment variable names. It also ships a long SERVICES list and will prompt to store many different service keys in .env. Collecting multiple unrelated credentials and storing them in plaintext is disproportionate and increases exposure. The skill does not declare a primary credential or justify why all listed services might be needed.

✓ 持久化与权限

always is false and the skill does not request persistent platform-level privileges or modify other skills. It will write to a local .env file (its expected operation) but does not attempt to change global agent configuration.

安全有层次，运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发，无需署名。

查看条款 ↗

运行时依赖

无特殊依赖

版本

latestv1.0.02026/2/27

Initial release of freeAPI: The Sovereign Client - Enables direct execution of OpenAPI/Swagger endpoints from localhost, with no middleware or gateways involved. - Keeps API keys fully private by storing them only in your local `.env` file. - Provides a guided, conversational method for onboarding and key management—no CLI commands unless preferred. - Automatically fetches OpenAPI specs and handles requests based on natural language prompts. - Includes CLI support for advanced or power users as an alternative interface.

● 可疑

安装命令点击复制

官方npx clawhub@latest install freeapi

镜像加速npx clawhub@latest install freeapi --registry https://cn.clawhub-mirror.com

技能文档

freeAPI direct execution engine 对于 OpenClaw. bypasses 中间件, gateways, 和 data harvesters. 带有 freeAPI, agent connects directly 从 localhost 到任何 API 使用 official OpenAPI/Swagger specification.

Philosophy

Sovereign: 您 own 连接. 否第三个-party server mediates requests.
私有: API keys stay 在...中 local .env file. 它们 never sent 到 gateway.
Spec-Driven: 只是 provide OpenAPI spec URL 或 file. freeAPI figures out rest.

Agent Usage (Natural Language)

Agents should integrate freeAPI seamlessly into the conversation.

1. Onboarding ( "Integral" 方法)

Do not ask users to run raw CLI commands unless they prefer it. Instead, guide them conversationally:

Ask: "哪个服务做您 want 到 connect? (e.g., GitHub, Stripe, OpenAI)"
Prompt: "Please provide API 键对于 [服务]. I 将保存 securely 到 local .env file."
Action: 使用 写入 或 编辑 tool 到 append 键到 .env.

格式:* SERVICE_NAME_KEY=值 (e.g., GITHUB_TOKEN=ghp_...)

Confirm: "键 saved. 您可以现在使用 freeAPI 带有 [服务]."

2. Execution

When a user asks to perform an action (e.g., "Check my GitHub issues"):

Locate Spec: 查找 OpenAPI spec URL (e.g., https://api.github.com/openapi/v3).
Check Keys: 验证键 exists 在...中 .env. 如果不, trigger Onboarding flow 上面.
Run: 使用 节点 skills/freeAPI/索引.js run 带有 spec 和 parameters.

示例 Agent Thought Process:

User wants to list Stripe payments. I need the Stripe OpenAPI spec. I'll check .env for STRIPE_SECRET_KEY. It's missing. I will ask the user for it now, then save it, then run the listPayments operation.

用户 Guide (CLI Fallback)

For power users who prefer the terminal, the CLI is available.

Setup: 节点 skills/freeAPI/索引.js setup (Interactive checklist) Run: 节点 skills/freeAPI/索引.js run ...

为什么不中间件?

Middleware services introduce latency, dependency, and privacy risks. freeAPI eliminates these by running entirely on your machine.

freeAPI is a direct execution engine for OpenClaw. It bypasses middleware, gateways, and data harvesters. With freeAPI, your agent connects directly from localhost to any API using its official OpenAPI/Swagger specification.

Philosophy

Sovereign: You own the connection. No third-party server mediates your requests.
Private: API keys stay in your local .env file. They are never sent to a gateway.
Spec-Driven: Just provide an OpenAPI spec URL or file. freeAPI figures out the rest.

Agent Usage (Natural Language)

Agents should integrate freeAPI seamlessly into the conversation.

1. Onboarding (The "Integral" Method)

Do not ask users to run raw CLI commands unless they prefer it. Instead, guide them conversationally:

Ask: "Which service do you want to connect? (e.g., GitHub, Stripe, OpenAI)"
Prompt: "Please provide your API key for [Service]. I will save it securely to your local .env file."
Action: Use the write or edit tool to append the key to .env.

Format:* SERVICE_NAME_KEY=value (e.g., GITHUB_TOKEN=ghp_...)

Confirm: "Key saved. You can now use freeAPI with [Service]."

2. Execution

When a user asks to perform an action (e.g., "Check my GitHub issues"):

Locate Spec: Find the OpenAPI spec URL (e.g., https://api.github.com/openapi/v3).
Check Keys: Verify the key exists in .env. If not, trigger the Onboarding flow above.
Run: Use node skills/freeAPI/index.js run with the spec and parameters.

Example Agent Thought Process:

User wants to list Stripe payments. I need the Stripe OpenAPI spec. I'll check .env for STRIPE_SECRET_KEY. It's missing. I will ask the user for it now, then save it, then run the listPayments operation.

User Guide (CLI Fallback)

For power users who prefer the terminal, the CLI is available.

Setup: node skills/freeAPI/index.js setup (Interactive checklist) Run: node skills/freeAPI/index.js run ...

Why Not Middleware?

Middleware services introduce latency, dependency, and privacy risks. freeAPI eliminates these by running entirely on your machine.

数据来源：ClawHub ↗ · 中文优化：龙虾技能库

OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险，如需更匹配、更安全的方案，建议联系付费定制

了解定制服务

License

运行时依赖

版本

安装命令 点击复制

技能文档

Philosophy

Agent Usage (Natural Language)

1. Onboarding ( "Integral" 方法)

2. Execution

用户 Guide (CLI Fallback)

为什么 不 中间件?

Philosophy

Agent Usage (Natural Language)

1. Onboarding (The "Integral" Method)

2. Execution

User Guide (CLI Fallback)

Why Not Middleware?

安装命令点击复制

为什么不中间件?