Install command
Provided
Explore and script against REST APIs with comprehensive authentication support (API keys, OAuth 2.0, JWT Bearer tokens, Basic Auth), pagination utilities (cursor-based, offset-based, page-based), retry logic with exponential backoff and jitter, error handling for HTTP status codes, rate limiting with Retry-After hea...
Open the source and read safety notes before installing.
Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.
Decision playbook
Signals are comparatively strong, but you should still validate source, privacy posture, and package provenance for your environment.
0
96
—
No baseline selected
No major trust-signal divergence detected in the current selection.
Confirm ownership and provenance before trusting install instructions.
Source link availableRequired
Open the canonical repository and verify ownership.
Source provenance statusRequired
Marked as first-party.
Metadata reviewed
Registry metadata indicates a reviewed listing.
Validate risk disclosures before installation or API wiring.
Safety notes presentRequired
Review the listed safety guidance before running commands.
Privacy notes presentRequired
Review data handling notes before connecting accounts or secrets.
Trust level risk gateRequired
Trust level does not block evaluation.
Check package metadata and artifact integrity signals.
Install payload available
Install or copy payload is available for review.
Package verification flag
Package marked verified.
Checksum metadata
SHA-256 hash is present.
Use compare context to validate trade-offs before adoption.
Compare tray has multiple entries
Add at least one more entry to compare trust differences.
Baseline comparison available
No baseline peer selected yet.
Diverging trust signals identified
No major trust-signal divergence found.
Setup at a glance
Copy-ready — paste the snippet to get started.
Install command
Provided
Config snippet
Not provided
Copy snippet
Provided
Prerequisites
6 to clear
Platforms
6 listed
Difficulty
100/100
Adoption plan
Current risk score 0/100. Use staged verification before broader rollout.
Validate source and review signals before any execution.
Confirm source provenanceRequired
Source URL/provenance metadata is present.
Confirm metadata review state
Listing has review metadata.
Verify install payload
Install/config payload exists and can be inspected.
Confirm safety, privacy, and package integrity signals.
Review safety notesRequired
Safety notes are present.
Review privacy notesRequired
Privacy notes are present.
Verify package integrity metadata
Package verification/checksum metadata is available.
Adopt in controlled steps based on the selected plan.
Run in isolated sandbox firstRequired
Use a constrained sandbox and observe behavior across multiple tasks.
Roll out graduallyRequired
Roll out to a small cohort before wider usage.
Set monitoring and fallback
Define rollback path and monitor errors after adoption.
Evidence readiness
Required evidence gates are covered (6/6 signals complete).
Source repository/provenance is listed.
Required in this preset
Review metadata is present.
Required in this preset
Safety notes are present.
Required in this preset
Privacy notes are present.
Optional in this preset
Package integrity metadata is present.
Optional in this preset
Install payload is available.
Required in this preset
Required evidence gates are covered for this preset.
Decision timeline
6/6 steps complete with no blocking gaps for this preset.
triage
Source/provenance metadata is available.
triage
Review metadata is available.
verify
Safety notes are available.
verify
Privacy notes are available.
verify
Package integrity metadata is available.
rollout
Install payload is available.
No required blockers for this timeline preset.
Prerequisite readiness
6 prerequisites to line up before setup. Have accounts and credentials ready first.
Safety & privacy surface
1 safety and 1 privacy notes across 2 risk areas. Review closely: credentials & tokens, network access.
| Platform | Support | Install path |
|---|---|---|
| claude-code | Native | .claude/skills/<skill-name>/SKILL.md |
| codex | Native | .agents/skills/<skill-name>/SKILL.md |
| windsurf | Native | .windsurf/skills/<skill-name>/SKILL.md |
| gemini | Native | .gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md |
| cursor | Adapter | .cursor/rules/<skill-name>.mdc |
| cli | Manual | AGENTS.md or tool-specific context file |
import { setTimeout as delay } from 'node:timers/promises';
import { fetch } from 'undici';
async function fetchAll(url, token) {
let next = url;
const items = [];
while (next) {
const res = await fetch(next, { headers: { Authorization: `Bearer ${token}` } });
if (!res.ok) {
if (res.status >= 500) { await delay(1000); continue; }
throw new Error(`HTTP ${res.status}`);
}
const data = await res.json();
items.push(...data.items);
next = data.next;
}
return items;
}Claude can interact with REST APIs: make requests, handle authentication (API keys, OAuth, JWT), paginate through results, handle rate limits with retries, and process responses. Build API integration scripts, test endpoints, and extract data from web services.
SKILL.md.SKILL.md content as reusable workflow instructions..gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md where supported..cursor/rules/*.mdc adapter for project rules.Required:
What Claude handles:
Prompt: "Fetch data from this REST API endpoint: https://api.example.com/users Use API key: [your-key] Show me the first 10 results."
Claude will:
Prompt: "Fetch all pages from this paginated API: URL: https://api.example.com/items Pagination: cursor-based (next_cursor field) API Key: [your-key] Save all results to items.json"
Claude will:
Prompt: "Create a new user via POST request: URL: https://api.example.com/users Payload: {name: 'John Doe', email: 'john@example.com'} Auth: Bearer token [your-token] Show me the response."
Claude will:
Prompt: "Upload all these records to the API:
Claude will:
"Test this API endpoint:
1. Make GET request to /api/products
2. Check status code and headers
3. Validate JSON response schema
4. Show sample of first 3 records
5. Report if any fields are null/missing"
"Migrate data from API A to API B:
1. Fetch all records from source API (paginated)
2. Transform to target API format
3. POST to destination API
4. Handle rate limits (5 req/sec)
5. Log migration progress and errors
Save unmigrated records to errors.json"
"Test this webhook:
1. POST sample payload to webhook URL
2. Check response status
3. Validate response format
4. Test with invalid payload
5. Report all results"
"Monitor API health:
1. Hit /health endpoint every minute for 10 minutes
2. Record response time and status
3. Alert if response time > 1 second
4. Create uptime report
5. Plot response times"
X-API-Key: your-key?api_key=your-keyAuthorization: Bearer your-tokenAuthorization: Basic base64(user:pass)url = "https://api.example.com/items"
all_items = []
cursor = None
while True:
params = {"cursor": cursor} if cursor else {}
response = requests.get(url, params=params)
data = response.json()
all_items.extend(data["items"])
cursor = data.get("next_cursor")
if not cursor:
break
import time
max_retries = 3
for attempt in range(max_retries):
try:
response = requests.get(url)
response.raise_for_status()
break
except requests.exceptions.RequestException:
if attempt < max_retries - 1:
wait = 2 ** attempt # 1s, 2s, 4s
time.sleep(wait)
else:
raise
Issue: Authentication failing Solution: Double-check auth method and credentials. Show Claude the API docs for auth section.
Issue: Rate limit errors (429) Solution: "Add retry logic with exponential backoff" or "Reduce concurrent requests to 5/second"
Issue: Response parsing errors Solution: "Show me raw response first" then describe expected structure
Issue: Pagination not working Solution: Clarify pagination method: "Use offset pagination starting at 0, increment by 100"
Issue: Timeouts on large requests Solution: "Increase timeout to 60 seconds" or "Fetch in smaller batches"
Issue: CORS errors (in browser context) Solution: Note: Code Interpreter runs server-side, no CORS issues
REST API Client Harness Skill side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
3 trust signals differ across this comparison (Package trust, Source provenance, Submitter).
Next steps differ across entries — use the actions in the table below to copy install commands and source links per resource.
| Field | Explore and script against REST APIs with comprehensive authentication support (API keys, OAuth 2.0, JWT Bearer tokens, Basic Auth), pagination utilities (cursor-based, offset-based, page-based), retry logic with exponential backoff and jitter, error handling for HTTP status codes, rate limiting with Retry-After hea... Open dossier | Compile Rust, C++, or Go to WebAssembly and run it in the browser, Node.js, and serverless runtimes: wasm-bindgen JS interop, WASI for system access, the Component Model, and SIMD. Open dossier | Official Flutter team Agent Skills for AI coding agents building Flutter apps, fixing layout issues, adding widget and integration tests, creating widget previews, applying layered architecture, routing, localization, JSON serialization, and HTTP workflows. Open dossier | Expert MCP remote server trust review capability pack for auditing OAuth flows, transport security, tool permissions, data exfiltration risk, and vendor scope before connecting Claude Code to third-party MCP servers. Open dossier |
|---|---|---|---|---|
| Next stepsDiffers | ||||
| Trust | ||||
| Review status | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed |
| Package trustDiffers | Package verified2025-10-15 | Package verified2025-10-16 | Package not verified | Package not verified |
| Source provenanceDiffers | Source-backed | No submission link | Source-backed | Submission linkedSource submission |
| SubmitterDiffers | — | — | — | kiannidev |
| Install risk | Review first | Low risk | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Brand | — | — | — | — |
| Category | skills | skills | skills | skills |
| Source | first-party | first-party | source-backed | source-backed |
| Author | JSONbored | JSONbored | Flutter Team | kiannidev |
| Added | 2025-10-15 | 2025-10-16 | 2026-06-18 | 2026-06-14 |
| Platforms | Claude CodeCodexWindsurfGeminiCursorCLI | Claude CodeCodexWindsurfGeminiCursorCLI | Claude CodeCodexWindsurfGeminiCursorCLI | Claude CodeCodexWindsurfGeminiCursorCLI |
| Source repo | — | — | — | — |
| Safety notes | ✓Setup downloads/unzips a package, and the harness makes live HTTP requests (including POST/PUT/DELETE) to the APIs you point it at; review endpoints and methods before running against production services. | ✓The install step downloads and unzips a package, and building modules runs compiler toolchains (wasm-pack, Emscripten, or the WASI SDK); run them in a trusted project directory and review generated build files. WASI grants modules system access (files, env, sockets); grant only the capabilities a module needs and review WASI imports before running untrusted modules. | ✓Flutter skills can modify application code, tests, pubspec dependencies, routing, localization files, serialization code, architecture boundaries, and app entry points. Integration-test workflows may enable Flutter Driver extensions, add keys to widgets, launch apps through MCP tools, interact with running UI, and create driver scripts. Do not run device, emulator, browser, Firebase Test Lab, or network-backed integration tests against production services without explicit approval and test credentials. Architecture and routing changes can alter navigation, state management, API access, caching, offline behavior, and user-visible app flows. Use project-local conventions and Flutter version constraints before applying generated examples. | ✓Remote MCP servers run outside Anthropic control; Claude Code MCP integration does not guarantee vendor security or data isolation. OAuth tokens issued to an MCP server may grant persistent access to third-party accounts until revoked in the vendor admin console. Tools that read, write, delete, or execute on external systems can cause irreversible production changes when invoked by the model. SSE and streamable HTTP transports must use TLS; do not approve cleartext remote endpoints on untrusted networks. This skill recommends scoping and approval steps; it must not add MCP servers or approve OAuth consent without explicit user authorization. |
| Privacy notes | ✓API requests carry credentials (API keys, OAuth/JWT tokens) and request/response bodies; keep secrets in environment variables, and review what data is sent to and logged from third-party APIs. | ✓Compiling and running modules is local, but a module that fetches remote models or data (for example ONNX inference) sends and receives data over the network; review what it downloads and where results go. | ✓Flutter projects may contain API URLs, Firebase project IDs, mobile bundle IDs, analytics keys, user fixtures, screenshots, test traces, device logs, crash output, and integration-test artifacts. MCP app exploration can expose widget trees, screen text, test data, typed inputs, navigation paths, and screenshots from the running app. HTTP, JSON, localization, and repository-layer work may touch private API schemas, user data models, translations, product copy, and backend payloads. Keep credentials, private endpoints, screenshots with user data, device logs, Firebase tokens, and proprietary UI flows out of public prompts, issues, PRs, and examples. | ✓MCP tool results can contain customer names, ticket contents, database rows, repository secrets, and internal URLs that should not be pasted into public issues. OAuth consent screens and server logs may expose account emails, organization identifiers, and access tokens if shared without redaction. Remote server vendors may retain prompts, tool arguments, and responses under their own privacy policies outside Anthropic data handling. Public trust-review summaries should describe risk categories and mitigations, not full tool schemas or live OAuth tokens. |
| Prerequisites |
|
|
|
|
| Install | | | | — |
| Config | — | — | — | — |
| Citations | ||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
Source-backed guides for putting this to work.
Loading live community signals…
A short, calm digest of reviewed Claude resources. Unsubscribe any time.