Api Contract Auditor

v1.0.1

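Audits API documentation, examples, and field definitions for consistency and reports breaking-change risk. Use for api, contract, audit workflows; do not use for modifying production APIs directly or as a replacement for a contract-testing platform.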

by vx:17605205782@52yuanchangxing
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (API contract auditing) align with included files and the local script. The script implements directory/csv/pattern/skill audits driven by resources/spec.json and template.md. Requiring only python3 is proportional to the stated purpose.
Instruction Scope
SKILL.md instructs the agent to produce structured reports and, when allowed, run the local script with python3. The runtime instructions emphasize read-only auditing, listing files to inspect and producing reports; they do not instruct the agent to modify external systems or to send data to remote endpoints.
Install Mechanism
No install spec; this is an instruction-only skill with a local Python script. No downloads or external package installs are requested. This is low-risk and proportional to the task.
Credentials
The skill does not request any environment variables, secrets, or credentials. It only needs a local python3 binary. The script reads local files (various text file extensions) which is expected for a directory audit but means sensitive files should be avoided when running.
Persistence & Privilege
always: false and no persistent global modifications are requested. The script can write output to a file only when --output is provided (and can be run in --dry-run mode). The skill does not alter other skills' configs or request elevated platform privileges.
Assessment
This skill appears coherent and read-only: it inspects local files and generates a Markdown report via scripts/run.py and resources/template.md. Before running, review the script (scripts/run.py) yourself, and run it in a sandbox or on a copy of the repository to avoid accidentally scanning sensitive paths. Use --dry-run to avoid writing files, and avoid pointing the tool at large or system directories (it recursively reads many file types, including .py/.sh). Although the script includes pattern checks that mask discovered ‘secret-like’ strings, do not assume secrets are safe — sanitize sensitive inputs before scanning. If you allow an autonomous agent to invoke this skill, remember it can execute the local python3 command per SKILL.md; that is expected but ensure the agent's runtime environment is trusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk972vrxmvr866yvb2nj1c8zr6s834hdt


Runtime requirements

🔌 Clawdis
OS: macOS · Linux · Windows
Bins: python3
