Built for AI agents.
Your agent can build a real, deployed app on OverSkill — no signup, no API key, no human handoff. The user signs up later to keep it.
Build before signup.
Most platforms require an account before you can do anything. We don't.
Your agent calls POST /api/v1/anonymous_builds with a prompt, gets back a live preview URL and a 48-hour claim link. Hand the claim link to the user. They sign up to keep the app — or it auto-deletes.
Same pattern as Bolt.new's claim flow, but from a true anonymous starting point — no developer credentials of any kind needed to get going.
1. Agent posts a prompt — no auth
   POST /api/v1/anonymous_builds {"prompt": "..."}
2. OverSkill returns claim package
   { app_id, preview_url, claim_token, claim_url, expires_at }
3. Agent hands the user the claim link
   User signs up at /claim/<token> — app transfers into their account. 48-hour window.
Try it from your terminal.
No API key. No signup. Real response.
curl -X POST https://staging.overskill.com/api/v1/anonymous_builds \
  -H "Content-Type: application/json" \
  -d '{
    "prompt": "Build a coffee shop landing page with hours and a menu",
    "email": "[email protected]"
  }'
The email field is optional — used only to deliver the claim link.
{
  "success": true,
  "app_id": "QjqEkj",
  "name": "Coffee Shop Landing",
  "preview_url": "https://preview-QjqEkj.overskill.app",
  "claim_token": "eyJfcmFpbHMi...",
  "claim_url": "https://staging.overskill.com/claim/eyJfcmFpbHMi...",
  "expires_at": "2026-05-09T18:00:00Z"
}
Claim window: 48 hours. Auto-deleted otherwise.
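An added example (not OverSkill's code) of what an agent can check before passing the claim package on, since whoever holds the claim link can sign up and take the app. The expected hosts are assumptions read off the sample response above, and check_claim_package and redact are hypothetical helper names.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import unquote, urlparse

# Assumptions: hosts taken from the sample response on this page.
CLAIM_HOST = "staging.overskill.com"
PREVIEW_SUFFIX = ".overskill.app"
CLAIM_WINDOW = timedelta(hours=48)  # claim window stated on the page

# The page's sample response (token truncated there with "...").
SAMPLE = {
    "app_id": "QjqEkj",
    "preview_url": "https://preview-QjqEkj.overskill.app",
    "claim_token": "eyJfcmFpbHMi...",
    "claim_url": "https://staging.overskill.com/claim/eyJfcmFpbHMi...",
    "expires_at": "2026-05-09T18:00:00Z",
}


def check_claim_package(pkg, now):
    """Return a list of problems; empty means the link can go to the user."""
    problems = []
    claim = urlparse(str(pkg.get("claim_url", "")))
    preview = urlparse(str(pkg.get("preview_url", "")))
    token = str(pkg.get("claim_token", ""))
    if claim.scheme != "https" or claim.hostname != CLAIM_HOST:
        problems.append("claim_url is not https on the expected host")
    if not token or unquote(claim.path) != "/claim/" + token:
        problems.append("claim_url does not carry claim_token")
    if preview.scheme != "https" or not (preview.hostname or "").endswith(PREVIEW_SUFFIX):
        problems.append("preview_url is not https on the preview domain")
    try:
        expires = datetime.fromisoformat(str(pkg.get("expires_at", "")).replace("Z", "+00:00"))
        remaining = expires - now
        if remaining <= timedelta(0):
            problems.append("claim link has expired")
        elif remaining > CLAIM_WINDOW:
            problems.append("expires_at is beyond the 48-hour window")
    except (ValueError, TypeError):
        problems.append("expires_at is not a timezone-aware timestamp")
    return problems


def redact(pkg):
    """Copy for logs: whoever holds the claim link can take the app."""
    token = str(pkg.get("claim_token", ""))
    safe = dict(pkg, claim_token="<redacted>")
    if token:
        safe["claim_url"] = str(pkg.get("claim_url", "")).replace(token, "<redacted>")
    return safe
```

Log redact(pkg) rather than the raw response, and pass the current UTC time as now, for example datetime.now(timezone.utc).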
Install in your agent.
Works with any agent that supports the Agent Skills open standard or custom tools.
Claude Code
Save the skill into your project's CLAUDE.md or ~/.claude/skills/.
Cursor
@-reference the skill URL or add as a docs source in Cursor settings.
OpenAI Codex CLI
Same Agent Skills format. Drop it in your skills directory.
Gemini CLI
Reference the skill in your Gemini project context.
MCP server
Auto-discovered via our Server Card.
Any agent
Fetch the skill file or feed llms.txt into context.
What works without an API key.
Everything below is callable by an unauthenticated agent. Throttled per-IP, hashed-IP audit trail, no PII collected without consent.
✓ POST /api/v1/anonymous_builds - Build a trial app from a prompt
✓ GET /api/v1/anonymous_builds/:id - Poll status + preview URL
✓ GET /claim/:token - Browser-facing claim landing
✓ GET /SKILL.md - Agent Skills file
✓ GET /llms.txt - LLM-friendly concise API ref
✓ GET /llms-full.txt - LLM-friendly full API ref
✓ GET /.well-known/mcp.json - MCP Server Card
✓ GET /.well-known/agent-skills.json - Agent Skills card
✓ GET /.well-known/oauth-authorization-server - RFC 8414 OAuth metadata
✓ GET /.well-known/oauth-protected-resource - RFC 9728 protected resource
✓ GET /sitemap.xml - Full sitemap (markdown-aware)
✓ POST /api/v1/auth/magic_code - Passwordless email auth

→ POST /api/v1/managed_apps - Create app under your team
→ POST /api/v1/generation_queue - Generate without trial state
→ GET /api/v1/managed_apps/:id/files - Read source files
→ POST /api/v1/managed_apps/:id/deploy - Deploy to production
→ * /api/v1/managed_apps/:id/env_vars - Read/write environment vars
→ * /api/v1/managed_apps/:id/custom_domains - Manage custom domains
→ POST /api/v1/anonymous_builds/:id/claim - Programmatic claim
→ POST /api/v1/mcp/execute_tool - Full MCP tool catalog
→ GET /api/v1/usage - Credit balance + usage
→ * /api/v1/webhooks - Manage webhook subs
→ * /api/v1/zapier/* - Zapier triggers / actions
We publish all this so your agent finds us.
Standard discovery files at the standard locations. No undocumented endpoints, no scraping required.
robots.txt - /robots.txt - Explicit AI bot allow rules + Cloudflare Content-Signal directive
sitemap.xml - /sitemap.xml - Templates, integrations, /build/* landing pages, more
MCP Server Card - /.well-known/mcp.json - Tool catalog endpoint + auth methods
Agent Skills Card - /.well-known/agent-skills.json - Points at SKILL.md (agentskills.io)
OAuth Authorization Server - /.well-known/oauth-authorization-server - RFC 8414 metadata
OAuth Protected Resource - /.well-known/oauth-protected-resource - RFC 9728 metadata
SKILL.md - /SKILL.md - Anthropic/OpenAI Agent Skills format
llms.txt - /llms.txt - Concise LLM-friendly ref
llms-full.txt - /llms-full.txt - Exhaustive LLM-friendly ref
Link response headers
Every page response carries Link: headers pointing at SKILL.md, llms.txt, and the .well-known/* docs. Agents that don't parse HTML still discover us.
Link: </SKILL.md>; rel="alternate"; type="text/markdown", </.well-known/mcp.json>; rel="describedby"
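An added example (not OverSkill's code) of how an agent could parse the Link header shown above and resolve the targets. It assumes the agent only follows discovery links on the origin that served the page, because a fetched SKILL.md ends up in the agent's context; the function names and the template path are hypothetical.

```python
import re
from urllib.parse import urljoin, urlsplit

# Header value as shown on this page.
PAGE_LINK_HEADER = ('</SKILL.md>; rel="alternate"; type="text/markdown", '
                    '</.well-known/mcp.json>; rel="describedby"')

# One link-value: <target> followed by ;name=value parameters (RFC 8288).
# Backslash-escaped quotes inside quoted values are not handled.
_LINK = re.compile(
    r'<([^>]*)>((?:\s*;\s*[^\s;,=]+(?:\s*=\s*(?:"[^"]*"|[^\s;,"]+))?)*)')
_PARAM = re.compile(r';\s*([^\s;,=]+)(?:\s*=\s*(?:"([^"]*)"|([^\s;,"]+)))?')


def parse_link_header(value):
    """Return [(target, {param: value})] for each link-value in the header."""
    links = []
    for target, raw_params in _LINK.findall(value):
        params = {}
        for name, quoted, bare in _PARAM.findall(raw_params):
            # The first occurrence of a parameter wins.
            params.setdefault(name.lower(), quoted or bare)
        links.append((target, params))
    return links


def discover(page_url, link_header):
    """Map rel -> absolute URL, keeping only targets on the page's origin."""
    origin = urlsplit(page_url)
    found = {}
    for target, params in parse_link_header(link_header):
        absolute = urljoin(page_url, target)
        parts = urlsplit(absolute)
        if (parts.scheme, parts.netloc) != (origin.scheme, origin.netloc):
            continue  # assumption: cross-origin discovery targets are skipped
        for rel in params.get("rel", "").split():
            found.setdefault(rel.lower(), absolute)
    return found
```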
Markdown content negotiation
Send Accept: text/markdown on a public template page and we return clean markdown — no HTML chrome to strip.
curl -H "Accept: text/markdown" https://staging.overskill.com/templates/<slug>
Standards we follow.
Open specs only. No proprietary lock-ins. Roadmap items called out below.
Model Context Protocol (MCP)
Tool catalog + execution endpoint discoverable via /.well-known/mcp.json. Both HTTP and Node SDK transports.
Agent Skills (Anthropic / OpenAI open standard)
Conformant SKILL.md served at /SKILL.md. Card at /.well-known/agent-skills.json (agentskills.io).
OAuth 2.0 Authorization Server Metadata
RFC 8414 — published at /.well-known/oauth-authorization-server. Doorkeeper-backed authorization_code flow.
OAuth 2.0 Protected Resource Metadata
RFC 9728 — published at /.well-known/oauth-protected-resource. Bearer token auth.
Cloudflare Content Signals Policy
Explicit ai-train=no, ai-input=yes, search=yes directive in robots.txt.
Sitemaps 0.9 / robots.txt
Standard locations, AI bot rules, sitemap reference. Updates daily.
x402 micropayments (Coinbase + Cloudflare)
Roadmap. Pay-per-build for agents with USDC wallets — no account required at all.
Web Bot Auth (RFC 9421 HTTP Message Signatures)
Roadmap. Cryptographically-signed agent identity → tiered rate limits.
Build something for someone right now.
No signup. No API key. 48 hours to claim.
For developers building on top of OverSkill (auth required): API Documentation · llms-full.txt · Webhooks