OpenAI Developer Docs

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may run the included helper script to retrieve documentation results.

Why it was flagged

The skill directs the agent to use a local shell wrapper. This is disclosed and central to the documentation-query purpose, with no artifact evidence of destructive or unrelated commands.

Skill content

Query the MCP server via the CLI wrapper in `scripts/openai-docs-mcp.sh`

Recommendation

Allow the helper only for OpenAI documentation lookups and review returned source URLs when accuracy matters.

What this means

The skill may fail if curl or jq is missing, and users may not see the optional endpoint override in metadata.

Why it was flagged

The included script requires curl and jq and supports MCP_URL, so the registry metadata under-declares runtime dependencies/configuration. The behavior is still disclosed in SKILL.md/script and does not show hidden installation or remote code execution.

Skill content

Required binaries (all must exist): none; Required binaries (at least one): none; Env var declarations: none

Recommendation

Ensure curl and jq are installed before use, and only set MCP_URL to an endpoint you trust.

What this means

Your documentation queries and fetched doc URLs are sent to the configured MCP server.

Why it was flagged

The script sends JSON-RPC payloads to an external MCP endpoint, with an environment variable allowing endpoint override. This is expected for a docs MCP client, but it means search terms and requested URLs leave the local environment.

Skill content

MCP_URL="${MCP_URL:-https://developers.openai.com/mcp}" ... -X POST "$MCP_URL" ... -d "$payload"

Recommendation

Use the default OpenAI endpoint unless you trust an override, and do not include secrets or private project data in documentation search queries.