/ 100

8 days ago

glama

APIClaw

The API layer for AI agents. World's biggest API index with 22,000+ APIs and growing. Agents discover and call APIs at runtime with semantic search, structured metadata, and 18 Direct Call APIs including AI providers.

→ nordsym/apiclaw · listed on glama

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

🚨

Secret credentials may flow to a network call

10 flows detected: BRAVE_API_KEY, ELEVENLABS_API_KEY, GITHUB_TOKEN. We can’t prove the destination matches the brand the credential belongs to.

⚠️

Known vulnerabilities in dependencies: 7 high

Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.

🔐

You'll be asked for 30 credentials: ANTHROPIC_API_KEY, APICLAW_INTERNAL_SECRET, APICLAW_KEY_ENCRYPTION_SECRET, APILAYER_API_KEY, ASSEMBLYAI_API_KEY, BRAVE_API_KEY, COHERE_API_KEY, DEEPGRAM_API_KEY, DEEPINFRA_API_KEY, E2B_API_KEY, ELEVENLABS_API_KEY, ELKS_API_PASSWORD, FIRECRAWL_API_KEY, GITHUB_TOKEN, GROQ_API_KEY, MISTRAL_API_KEY, NASA_API_KEY, NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY, OPENAI_API_KEY, OPENROUTER_API_KEY, REPLICATE_API_TOKEN, RESEND_API_KEY, SERPER_API_KEY, STABILITY_API_KEY, STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET, TOGETHER_API_KEY, TWILIO_AUTH_TOKEN, VOYAGE_API_KEY, XAI_API_KEY

These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

🔐 secretANTHROPIC_API_KEY

configAPICLAW_AUTH_ENFORCEMENT

🔐 secretAPICLAW_INTERNAL_SECRET

🔐 secretAPICLAW_KEY_ENCRYPTION_SECRET

🔐 secretAPILAYER_API_KEY

🔐 secretASSEMBLYAI_API_KEY

🔐 secretBRAVE_API_KEY

configCLERK_JWT_ISSUER_DOMAIN

🔐 secretCOHERE_API_KEY

🔐 secretDEEPGRAM_API_KEY

🔐 secretDEEPINFRA_API_KEY

🔐 secretE2B_API_KEY

🔐 secretELEVENLABS_API_KEY

🔐 secretELKS_API_PASSWORD

configELKS_API_USER

🔐 secretFIRECRAWL_API_KEY

configFORCE_SEED

🔐 secretGITHUB_TOKEN

🔐 secretGROQ_API_KEY

🔐 secretMISTRAL_API_KEY

🔐 secretNASA_API_KEY

configNEXT_PUBLIC_APP_URL

🔐 secretNEXT_PUBLIC_CLERK_PUBLISHABLE_KEY

configNEXT_PUBLIC_CONVEX_URL

🔐 secretOPENAI_API_KEY

🔐 secretOPENROUTER_API_KEY

🔐 secretREPLICATE_API_TOKEN

🔐 secretRESEND_API_KEY

🔐 secretSERPER_API_KEY

🔐 secretSTABILITY_API_KEY

configSTRIPE_PRICE_ID_USAGE

🔐 secretSTRIPE_SECRET_KEY

🔐 secretSTRIPE_WEBHOOK_SECRET

🔐 secretTOGETHER_API_KEY

configTWILIO_ACCOUNT_SID

🔐 secretTWILIO_AUTH_TOKEN

🔐 secretVOYAGE_API_KEY

🔐 secretXAI_API_KEY

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 3 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/nordsym-apiclaw-1nzyy8)](https://m8ven.ai/mcp/nordsym-apiclaw-1nzyy8)

commit: 5fc10bc9e9dd831fc17340b6c4231afb4d4be3aa

code hash: 39ddd019eb29da730c6c48414c96d4c9dd96e5b2f613369f317e5dd6e6d4a9ef

verified: 6/13/2026, 10:42:17 AM

view raw JSON →