ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Apifox

提供公开YApi产品及开源文档的功能摘要、目录提取和开源链接汇总,支持轻量信息整理与检索。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 20 · 0 current installs · 0 all-time installs
byClawKK@CodeKungfu
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The package metadata names the skill 'Apifox' while SKILL.md registers a 'YApi' skill (yapi-hot-trend) and points to yapi.pro. Both relate to API documentation tools, so this could be a harmless copy/paste mistake, but the name/description mismatch is an incoherence that should be clarified with the author.
Instruction Scope
SKILL.md instructs the agent to visit public product/documentation pages, wait for dynamic content, extract summaries, directories, and repository links, and explicitly forbids account operations, project writes, or sensitive-data collection. That scope is consistent with the stated purpose of summarizing public docs.
Install Mechanism
No install spec and no code files are present (instruction-only skill). This minimizes on-disk risk; nothing is downloaded or executed by an installer.
Credentials
The skill declares no required environment variables, credentials, or config paths. For a web-scraping / summarization instruction set this is proportionate and appropriate.
Persistence & Privilege
Flags show always:false and autonomous invocation is allowed (the platform default). The skill does not request elevated persistence or to modify other skills/config; this is proportionate.
What to consider before installing
Before installing: 1) Confirm the intended target—ask the author whether this skill is for Apifox or YApi and request matching metadata (name/homepage). 2) Verify source/trustworthiness since 'Source' and 'Homepage' are unknown. 3) If you plan to let an agent crawl the web, run it in a sandboxed environment and ensure it respects robots.txt and rate limits. 4) Because the SKILL.md allows dynamic page loading and generic 'visit product pages' actions, prefer least-privilege network access (restrict domains) until the scope is confirmed. 5) Installation is lower risk (no downloads/credentials), but the metadata mismatch is a red flag — get clarification; if the author cannot clarify, treat the skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.0
Download zip
latestvk97dsz3a30t9g5wq21z6gkgfbx839wpc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

YApi

用途与边界

  • 面向公开产品/开源文档的检索与内容摘要
  • 不提供账号操作、项目写入或接口逆向能力
  • 仅处理公开页面的轻量信息整理

关键入口

  • 主页:https://yapi.pro/
  • 文档与示例:站点入口或GitHub开源页
  • 公告与版本更新:站点入口

常见任务

  • 功能与版本说明摘要(接口管理/Mock/权限)
  • 部署与使用文档目录提取
  • 开源仓库入口与示例链接汇总

数据字段

  • 功能条目、版本差异、适用场景、链接
  • 文档标题、目录链接、部署指南入口
  • 开源仓库链接、示例入口

自动化要点

  • 页面动态加载,需等待完成后解析
  • 不进行项目写入或接口调用
  • 频率控制,尊重平台访问限制

示例流程

  • 功能摘要:访问产品页 → 抽取功能与版本 → 输出摘要
  • 文档目录:进入文档中心 → 抽取目录 → 输出链接集合
  • 开源入口:收集仓库链接 → 汇总示例 → 输出清单

合规提示

  • 遵守平台与开源协议
  • 不存储或输出敏感信息

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…