Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

API Test Create

v1.0.2

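Use this skill when the user needs to generate an API test analysis document from an interface specification. It accepts OpenAPI/Swagger documents, simplified interface definitions, or natural-language descriptions, and outputs a comprehensive test analysis document based on 140 common API testing pitfalls, covering parameter validation, business logic, response validation, and security testing analysis points.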

by autotestlite@blackbat1988
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, SKILL.md, README(s) and the provided scripts consistently describe an API test-analysis/checklist generator (parsing OpenAPI/simple definitions and producing Markdown test analysis). The code shown (generate-checklist.py, utils.py) implements parsing, test-case generation and formatting consistent with the stated purpose. However, there are clear packaging inconsistencies: tests import a module named generate_checklist and a class APITestGenerator, while the repository contains scripts/generate-checklist.py (hyphen) and the top-level class is named APITestAnalyzer. This mismatch suggests the bundle may be broken or inconsistently assembled.
Instruction Scope
SKILL.md instructions describe parsing API specs and producing test-analysis docs and do not instruct the agent to read unrelated system files, environment variables, or send data to third-party endpoints. The runtime instructions are focused on the stated task and reference only local input files and internal references (e.g., references/common-pitfalls.md).
Install Mechanism
No install spec is provided (instruction-only skill with included Python scripts). The requirements.txt lists only PyYAML (reasonable for YAML/OpenAPI parsing). No downloads from external URLs, no extracted archives, and no brew/npm installs are present. This is low-risk from an install perspective.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The code does not access environment secrets or external credential stores in the provided snippets. Requested resources are proportional to the stated functionality.
Persistence & Privilege
The skill does not request always: true and has no install-time behavior that persists or modifies other skills or system-wide configuration. It appears to be a standard user-invocable skill without elevated persistent privileges.
What to consider before installing
This package appears to implement the advertised API test analysis generator and does not request secrets or network installs, but the bundle contains clear inconsistencies that may make it unusable or indicate sloppy packaging: tests expect a module named generate_checklist and a class APITestGenerator, while the script file uses a hyphen (generate-checklist.py) and defines APITestAnalyzer. Before installing or running:
1) ask the publisher for a corrected, consistent package (matching module filenames and class names) or an official release archive;
2) review the remaining truncated files (not included here) for any networking or subprocess calls;
3) run the tool in an isolated sandbox (no production credentials) and run the unit tests to confirm behavior;
4) if you plan to integrate into CI, ensure requirements and entrypoints are fixed (rename files or provide proper module wrappers).
If you do not trust the source, avoid running the scripts on systems with sensitive data.

Like a lobster shell, security has layers — review code before you run it.

latest: vk97d7emccy2a4ynsb94byf0gch83mq0t
