Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Api Endpoint Discovery

v1.4.0

Discovers and maps API endpoints using passive OSINT and active brute-forcing to assess the exposed attack surface of a web application's API layer.


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for snipercat69/edgeiq-api-endpoint-discovery.

Install the skill "Api Endpoint Discovery" (snipercat69/edgeiq-api-endpoint-discovery) from ClawHub.
Skill page: https://clawhub.ai/snipercat69/edgeiq-api-endpoint-discovery
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install edgeiq-api-endpoint-discovery

ClawHub CLI


npx clawhub@latest install edgeiq-api-endpoint-discovery
Security Scan
Capability signals
Crypto · Can make purchases · Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The name/description match the included scanner code (OpenAPI discovery, JS scraping, path brute-forcing). However the SKILL.md advertises paid Pro/Bundle tiers while the shipped licensing code contains an empty VALID_LICENSES mapping and an obvious shortcut (granting Pro/Bundle if EDGEIQ_EMAIL is set to a specific email). The metadata declares no required env vars but runtime docs instruct users to set EDGEIQ_EMAIL to enable Pro features — this is inconsistent and disproportionate to the stated purpose.
Instruction Scope
Runtime instructions direct the agent/user to run endpoint_discovery.py which performs passive and active scanning (including path brute-forcing and JS scraping). That behavior is consistent with the stated purpose, but SKILL.md explicitly instructs users to enable Pro via EDGEIQ_EMAIL=your_email@gmail.com, effectively encouraging an environment-variable bypass of paid gating. Installation instructions also reference a hardcoded user path (/home/guy/...) which is odd and suggests careless packaging. Active brute-forcing is intrusive by nature and the skill provides multi-threaded scanning — users must not run it against unauthorized targets.
Install Mechanism
No formal install spec (instruction-only) — code is copied into the agent skills directory per SKILL.md. This is low-risk from an automatic install point of view, but the included files will be written to disk when the user follows the copy command. The copy instruction references a specific local path (/home/guy/...) which is incorrect for general users and indicates sloppy packaging.
Credentials
The skill declares no required environment variables but the code and docs rely on EDGEIQ_EMAIL and ~/.edgeiq/license.key for license checks. The license check is trivial (specific email is hardcoded to grant bundle) and VALID_LICENSES is empty, effectively allowing users to bypass paid gating by setting an env var. The skill reads/writes under the user's home (~/.edgeiq) which is not strictly necessary for core discovery functionality and widens the local filesystem footprint.
Persistence & Privilege
always:false and there is no evidence the skill requests elevated privileges, installs daemons, or modifies other skills. It reads/writes a per-user license file under ~/.edgeiq which is limited scope and expected for a licensing module, though the behavior is unnecessary for core scanning.
What to consider before installing
This tool implements expected API discovery capabilities (OpenAPI/Swagger parsing, JS scraping, brute-forcing), but there are red flags you should consider before installing or running it:

  • Licensing bypass: The code ships with an empty VALID_LICENSES and treats EDGEIQ_EMAIL (and a hardcoded email address) as sufficient to enable 'Pro/Bundle' features. The SKILL.md even tells users to set EDGEIQ_EMAIL to enable Pro — this contradicts the paid model and suggests sloppy or deceptive monetization.
  • Active scanning risks: The script supports multi-threaded path brute-forcing and parameter enumeration. Running it against domains you don't own or without explicit authorization may be illegal and will likely trigger intrusion detection and potential blocking/legal issues. Only use it against targets you control or have written permission to test.
  • Local footprint: The tool reads/writes a license under ~/.edgeiq. If you care about disk hygiene, review or sandbox that behavior.
  • Unknown provenance: Source and homepage are unknown. The package includes support and payment links in SKILL.md, but the licensing implementation is weak. Prefer code from known, verifiable authors or run inside an isolated VM/container and inspect the code yourself before use.

Recommendations before installing:

  • Review the full endpoint_discovery.py and edgeiq_licensing.py files (they are included) to confirm there are no network callbacks or telemetry you don't want.
  • If you plan to run scans, do so in an isolated environment and only against authorized targets.
  • If you expect to pay for Pro features, verify the licensing mechanism with the author; do not rely on EDGEIQ_EMAIL as a security/monetization mechanism.
  • If unsure, avoid installing or run the skill in a disposable container/VM and restrict network access to the target domains only.

Like a lobster shell, security has layers — review code before you run it.

latest vk975c6w2z693kfyn0ecwg1nmmd85h75w
95 downloads
0 stars
4 versions
Updated 3d ago
v1.4.0
MIT-0

API Endpoint Discovery

Skill Name: api-endpoint-discovery
Version: 1.0.0
Category: Security / API / OSINT
Price: Lifetime: $39 / Optional Monthly: $7/mo (includes all Pro features permanently)
Author: EdgeIQ Labs
OpenClaw Compatible: Yes — Python 3, pure stdlib, WSL + Linux


What It Does

Discovers API endpoints for a target domain using passive OSINT (Swagger docs, OpenAPI specs, robots.txt, JavaScript scraping, favicon analysis) and active techniques (path brute-forcing, parameter enumeration). Maps the exposed attack surface of a web application's API layer.

⚠️ Legal Notice: Only audit domains you own or have explicit written authorization to scan. Active brute-forcing should only be used on authorized targets.


Features

  • Swagger/OpenAPI discovery — locates and parses live API specification files
  • robots.txt analysis — extracts API-related paths from robots exclusion
  • JavaScript endpoint extraction — scrapes fetch/axios/XMLHttpRequest calls from JS files
  • Favicon/asset fingerprinting — extracts API hints from CDN-hosted assets
  • Path brute-forcing — common API path patterns with wordlist
  • Parameter enumeration — discovers API query parameter names
  • API version detection — identifies API version strings in responses
  • JSON export — structured endpoint inventory

Tier Comparison

Feature | Free | Lifetime ($39) | Optional Monthly ($7/mo)
Target scan | ✅ (3 scans) | ✅ (unlimited) | ✅ (unlimited)
Swagger/OpenAPI discovery
robots.txt analysis
JS endpoint extraction
Favicon fingerprinting
Path brute-forcing
Parameter enumeration
JSON export

Installation

cp -r /home/guy/.openclaw/workspace/apps/api-endpoint-discovery ~/.openclaw/skills/api-endpoint-discovery

Usage

Basic passive discovery (free tier)

python3 endpoint_discovery.py --target "https://api.target.com"

Pro scan with brute-forcing (Pro)

EDGEIQ_EMAIL=your_email@gmail.com python3 endpoint_discovery.py \
  --target "https://api.target.com" --pro

Bundle — full active + passive scan

python3 endpoint_discovery.py --target "https://api.target.com" \
  --bundle --output inventory.json

Parameters

Flag | Type | Default | Description
--target | string | | Target base URL (e.g. https://api.target.com)
--pro | flag | False | Enable Pro features
--bundle | flag | False | Enable Bundle features
--wordlist | string | built-in | Path to custom wordlist for brute-forcing
--threads | int | 10 | Number of concurrent threads
--output | string | | Write JSON inventory to file

Output Example

=== API Endpoint Discovery ===
Target: https://api.target.com

  ✔ Discovered 24 endpoints across 3 API versions

  Swagger/OpenAPI:
    ✔ /swagger/v1/api.json — OpenAPI 3.0 spec found
    ✔ /api-docs — Swagger UI detected

  Endpoints by category:

    Authentication (5 endpoints)
      POST /api/v1/auth/login         — 200 OK
      POST /api/v1/auth/register      — 201 Created
      POST /api/v1/auth/refresh      — 200 OK
      POST /api/v1/auth/logout        — 204 No Content
      GET  /api/v1/auth/session       — 200 OK

    Users (7 endpoints)
      GET  /api/v1/users             — 200 OK (paginated)
      GET  /api/v1/users/:id         — 200 OK
      POST /api/v1/users             — 201 Created
      PUT  /api/v1/users/:id          — 200 OK
      DELETE /api/v1/users/:id       — 204 No Content

    Products (6 endpoints)
      GET  /api/v1/products          — 200 OK
      GET  /api/v1/products/:id     — 200 OK
      POST /api/v1/products         — 201 Created
      ...

  Hidden/exposed sensitive endpoints:
    ⚠️ GET /api/v1/admin/users      — Admin-only, no auth observed
    ⚠️ POST /api/v1/debug/config   — Debug endpoint — INFORMATION EXPOSURE

  Version fingerprinting:
    X-API-Version: 1.2.3
    Server: Apache-Coyote/1.1

  Threat Level: MEDIUM — 2 sensitive endpoints exposed without auth

Pro Upgrade

Full API discovery with brute-forcing, JS scraping, and parameter enumeration:

👉 Buy Lifetime — $39 👉 Subscribe Monthly — $7/mo


Support

Open a ticket in #edgeiq-support or email gpalmieri21@gmail.com


🔗 More from EdgeIQ Labs

edgeiqlabs.com — Security tools, OSINT utilities, and micro-SaaS products for developers and security professionals.

  • 🛠️ Subdomain Hunter — Passive subdomain enumeration via Certificate Transparency
  • 📸 Screenshot API — URL-to-screenshot API for developers
  • 🔔 uptime.check — URL uptime monitoring with alerts
  • 🛡️ headers.check — HTTP security headers analyzer

👉 Visit edgeiqlabs.com →
