API Architect

Type: OpenClaw Skill Name: afrexai-api-architect Version: 1.0.0 The skill bundle is designed to guide an AI agent through API development best practices. However, the `SKILL.md` file contains explicit `bash` `curl` commands within its 'curl Testing Recipes' section. While these commands are presented as examples for testing external APIs, their direct inclusion and the agent's instruction to 'Run Phase X' (which could involve generating/executing such commands) represent a significant risk. An AI agent executing these commands with access to real credentials (e.g., `$TOKEN`) or against arbitrary URLs could lead to unintended actions or data exposure, even if the skill's author did not intend malice. This constitutes a risky capability and a potential remote code execution vulnerability via prompt injection against the agent, classifying it as suspicious rather than benign.