ShieldNodeShieldNode
Start free
For AI Agents

Use ShieldNode with your AI agent

A drop-in skill that teaches Claude Code, Cursor, Continue, and any other agent how to integrate APIs through ShieldNode, without you having to explain it every time.

What is the skill?

It's a single SKILL.md file (plus a services/ folder) that lives inside your project. When your AI agent needs to integrate an API, it reads the skill, walks you through configuration, and writes per-service reference notes that future sessions reuse.

Configure services correctly

Auto / Manual / AI configuration paths, with the base-URL formatting rules baked in.

Generate reference docs

The agent fetches the API's documentation and saves a clean reference file per service.

Debug like a senior

HTTP error decision tree, base-URL gotchas, and curl diagnostic commands ready to paste.

Install

Pick the option that matches how your agent loads context.

1

Drop into your project (recommended)

Most agent runtimes (Claude Code, Cursor) auto-discover skills under skills/.

mkdir -p skills && curl -sL https://github.com/RP0-undefined/shieldnode-skill/archive/refs/heads/main.tar.gz \
  | tar -xz -C skills --strip-components=1
2

Single file

Just the instructions, no auto-discovery. Point your agent at it from a system prompt.

curl -O https://raw.githubusercontent.com/RP0-undefined/shieldnode-skill/main/SKILL.md
3

Git submodule

Pin to a specific commit and pull updates explicitly.

git submodule add https://github.com/RP0-undefined/shieldnode-skill skills/shieldnode

Use it

Just talk to your agent normally, no special syntax. Examples:

I want to integrate the Stripe API through ShieldNode. Set it up.

My OpenAI proxy returns 404, what's going on?

Generate a reference doc for the Resend API.

I configured the Airtable base URL without /v0, what URL should I call?

The agent reads SKILL.md, asks you any missing info, and saves what it learns under skills/services/<api>.md. Future sessions don't re-fetch the docs, they read the local file.

What it teaches the agent

Service configuration, Auto, Manual, and AI Configurator flows in the dashboard. Picks the right one based on what the user knows about the API.
Virtual key creation, Setting alias, rate limits, request caps, allowed paths, and expirations. Reminds the user that the key is shown only once.
Per-service reference docs, A markdown template with routing info, original API base URL, doc link, auth method, and an Endpoints table the agent populates from the docs.
Base URL formatting, The single biggest source of 404s. The skill includes a matching table showing how to call the proxy depending on what was set as base URL (with or without /v1, trailing slashes, etc.).
HTTP error diagnosis, Decision tree for 401, 403, 404, 429, 500, 502, 504, what each means and what to check first.
Curl diagnostic commands, Copy-paste commands for verbose proxy testing and direct upstream testing to isolate where a problem comes from.
Security rules, Never log virtual keys, never paste them in URLs, redact them when echoing user input, instant revocation flow.

Push approval (the marquee flow)

Push approval is the marquee feature ShieldNode exposes to agents. A user can keep a virtual key disabled by default. When the agent calls that key, the proxy does not return a generic error. It triggers a push notification on the user's phone and returns 403 approval_required. The agent polls. The user taps Approve. The key activates for a bounded window. The next call returns 200.

Headers an agent should send

X-Agent-Name(highly recommended)

Your agent's identity. The notification body reads “Claude requests 5 min on production-key” instead of the generic“External agent requests…”. Specific identities get approved. Capped at 60 characters server-side.

X-Approval-Duration(optional)

How long the agent needs access. Accepts plain integers (minutes) or shorthand like15m /2h. Server clamps to 1…1440. Falls back to the user's per-key default (30 min) when absent.

Response shapes

# Awaiting user approval (poll and retry)
HTTP 403
{
  "error": "approval_required",
  "request_id": "...",
  "requested_minutes": 15,
  "poll_interval_seconds": 30,
  "timeout_seconds": 300
}

# User declined (stop polling, tell the user)
HTTP 403
{ "error": "approval_denied" }

# No mobile device registered (no approval channel)
HTTP 403
{ "error": "key_disabled" }

# Granted (resume normal operation)
HTTP 200
{ ... upstream response ... }

Behaviour the skill enforces

  • · Always send X-Agent-Name. Anonymous requests get ignored more often than approved.
  • · Right-size X-Approval-Duration to the workload. A 5-min chat reply is not an 8-hour batch.
  • · Tell the user once that an approval is pending. Then poll silently. Repeating chat messages every 30 seconds feels like spyware.
  • · Stop on explicit decline. Do not retry just because the call failed. The user said no.
  • · Respect the timeout. After 5 minutes with no answer, the agent should ask the user in chat whether to try again rather than loop forever.

The skill ships with a canonical Python implementation of the polling loop covering every code path above.Read it on GitHub.

Bonus: bypass Cloudflare bot rules

Many third-party APIs sit behind Cloudflare with strict bot-detection rules. When you call them directly from a Python requests, Node axios, Go net/http, or any other HTTP library, Cloudflare can fingerprint your client (TLS handshake + User-Agent) and reject the call with HTTP 403 / error code 1010, even though your IP is fine and your credentials are valid.

Routing the request through ShieldNode fixes this. The proxy uses a browser-like User-Agent and a hosting-provider IP that Cloudflare trusts when forwarding upstream, your client only has to reach proxy.shieldnode.app.

Same code, different result

Direct (Python requests → CF-protected API):

HTTP 403, error code: 1010

Through ShieldNode:

HTTP 200, {"data": ...}

If your use case requires a specific User-Agent for analytics or partner attribution, send it via the X-ShieldNode-User-Agent header, the proxy will use that value upstream instead of the default browser UA.

Compatibility

The skill is plain markdown, it works with any agent that can read instructions from a file. Tested with:

Claude Code

Auto-discovered under skills/

Cursor

Reference via .cursorrules or @-mention

Continue

Add as a context provider

Custom agents

Inject into the system prompt

Browse the source

The skill is open-source. Read it, fork it, send a PR if something is missing.

Open the repoBack to docs