ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

API Doc Generator

v1.0.0

Automatically generate OpenAPI/Swagger API documentation by analyzing function signatures and extracting parameter and return types from Python, JavaScript,...

0· 676·5 current·5 all-time
by@honestqiao
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The stated purpose (generate OpenAPI/Swagger from code) matches the skill's name and instructions, and the skill requests no unrelated credentials or system access. However the embedded implementation is highly simplistic (a single regex) and does not substantiate the claimed multi-language, type-aware support; helper functions (e.g., extractParams) are referenced but not provided. The capability is therefore overclaimed compared to what is shown.
Instruction Scope
SKILL.md is narrowly scoped to generating OpenAPI output and does not instruct the agent to read unrelated files, access environment variables, or transmit data externally. But the runtime guidance is minimal and vague about how code is supplied, how complex types or DTOs are handled, and how return types are inferred — giving the skill wide interpretive latitude that could produce incorrect results.
Install Mechanism
There is no install spec and no code files to be written to disk; this is an instruction-only skill, which reduces installation risk.
Credentials
The skill declares no required environment variables, credentials, or config paths — proportional for a documentation generator. Nothing asks for unrelated secrets or system credentials.
Persistence & Privilege
The skill is not marked always:true and does not request persistent/system-wide changes. It is user-invocable and can be invoked autonomously (platform default), which is expected for skills.
What to consider before installing
This skill is plausible but under-specified. The embedded implementation is a tiny JavaScript snippet that uses a crude regex and references undefined helpers (so it cannot actually handle the multi-language, type-aware extraction the description promises). Before installing or using it: (1) don't assume accuracy — test the skill on non-sensitive sample code and manually review generated OpenAPI output; (2) ask the publisher for the full implementation or source code and for details on how it handles complex types, annotations, and language-specific idioms; (3) avoid submitting confidential code to the skill until you confirm where parsing/execution happens (locally vs. external); and (4) prefer a skill that documents its parsing strategy, limitations, and test coverage. If you want a ready-to-use tool, consider well-known, open-source generators with visible implementations rather than this minimal, overpromising instruction-only skill.

Like a lobster shell, security has layers — review code before you run it.

apivk97aw233x2e181xexz024rgh4181j6z7docvk97aw233x2e181xexz024rgh4181j6z7latestvk97aw233x2e181xexz024rgh4181j6z7
676downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
@honestqiao
apidoclatest
Download

API Doc Generator

自动从代码生成 API 文档。

功能

  • 分析代码中的函数/方法签名
  • 自动提取参数和返回值类型
  • 生成 OpenAPI/Swagger 格式文档
  • 支持 Python、JavaScript、TypeScript、Go

触发词

  • "生成API文档"
  • "API文档"
  • "生成接口文档"
  • "openapi"
  • "swagger"

示例

用户: 帮我把这个Python函数生成API文档
助手: (使用此skill生成OpenAPI文档)

输出格式

{
  "openapi": "3.0.0",
  "info": { "title": "API", "version": "1.0.0" },
  "paths": {
    "/users": {
      "get": {
        "summary": "获取用户列表",
        "parameters": [...],
        "responses": { "200": {...} }
      }
    }
  }
}

Comments

Loading comments...