ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Api Tester Cn

Test and debug API endpoints from terminal. Use when checking endpoint status, validating JSON responses, comparing API versions, or running best-practice li...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 341 · 1 current installs · 2 all-time installs
by@bytesagain
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (API testing, linting, diff, templates, history) aligns with the included script and SKILL.md. The script implements the documented commands (check, validate, lint, diff, template, format, convert, report, etc.).
Instruction Scope
SKILL.md explicitly instructs running scripts/script.sh for each command. The instructions reference only the declared optional config (API_TESTER_CN_DIR) and local data paths (~/.api-tester-cn/) and do not ask the agent to read unrelated system files or external endpoints other than the user-provided API URLs.
Install Mechanism
No install spec is provided (instruction-only), and the repository contains a usable shell script. No remote downloads or archive extraction steps are present in the manifest; risk from install mechanism is low.
Credentials
No required environment variables or credentials are requested. The optional API_TESTER_CN_DIR declared in SKILL.md matches the script's DATA_DIR usage. No unrelated secrets are requested.
Persistence & Privilege
The skill is not always-enabled, does not require elevated privileges, and only creates/uses a local data directory (~/.api-tester-cn/) for history, templates, and cached responses. It does not modify other skills or global agent configuration.
Assessment
This skill appears coherent and implements the advertised CLI functionality. Before installing, review the full script (the provided file was partially truncated in the listing) to confirm there are no hidden network calls or telemetry. Be aware it will create ~/.api-tester-cn/ and log URLs, responses, and templates there—if those logs might contain sensitive info, run the tool in a restricted environment or clear the history. Confirm curl, bash, and python3 are available on the host and run the script locally to inspect behavior. If you need higher assurance, run the script in a sandbox/container and examine the remainder of the file not shown here.

Like a lobster shell, security has layers — review code before you run it.

Current versionv3.0.2
Download zip
chinesevk970nhb70wmnb6d02gh5nyn6zd82n09platestvk97c6ax3bgppcw9aqd127fh36h837eyrproductivityvk970nhb70wmnb6d02gh5nyn6zd82n09p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

api-tester-cn

API testing and debugging toolkit — check endpoint status codes, validate JSON responses, lint for best practices (HTTPS, CORS, caching), compare two API responses, manage request templates, and export test history.

Commands

check

Test an API endpoint — shows HTTP status code, response time, content type, and server header.

scripts/script.sh check "https://api.github.com"

validate

Fetch a URL and validate the JSON response. Shows structure info (keys, types, array lengths).

scripts/script.sh validate "https://jsonplaceholder.typicode.com/posts/1"

lint

Check an API endpoint for best practices — HTTPS, CORS headers, content-type, rate limiting, and caching.

scripts/script.sh lint "https://api.example.com/v1/users"

diff

Compare JSON responses from two API endpoints side by side.

scripts/script.sh diff "https://api.v1.example.com/data" "https://api.v2.example.com/data"

format

Pretty-print JSON from a file or stdin.

scripts/script.sh format response.json
cat data.json | scripts/script.sh format

convert

Convert between JSON and CSV formats.

scripts/script.sh convert json2csv data.json
scripts/script.sh convert csv2json data.csv

template

Manage reusable request templates — save, list, and run API calls.

scripts/script.sh template list
scripts/script.sh template save "github-user" GET "https://api.github.com/users/octocat"
scripts/script.sh template run "github-user"

report

Generate a summary report of all tests run — counts by type, recent activity.

scripts/script.sh report

recent

Show the most recent test entries from history.

scripts/script.sh recent 20

search

Search test history by URL or keyword.

scripts/script.sh search "github"

stats

Show usage statistics — total requests, template count, date range.

scripts/script.sh stats

export

Export test history in json, csv, or txt format.

scripts/script.sh export json

status

Show tool status — version, data directory, entry count.

scripts/script.sh status

help

scripts/script.sh help

version

scripts/script.sh version

Examples

# Quick API health check
scripts/script.sh check "https://api.github.com"
scripts/script.sh validate "https://jsonplaceholder.typicode.com/posts"
scripts/script.sh lint "https://api.github.com"

# Compare API versions
scripts/script.sh diff "https://api.v1.example.com/data" "https://api.v2.example.com/data"

# Template workflow
scripts/script.sh template save "posts" GET "https://jsonplaceholder.typicode.com/posts"
scripts/script.sh template run "posts"

Configuration

VariableRequiredDescription
API_TESTER_CN_DIRNoData directory (default: ~/.api-tester-cn/)

Data Storage

All data saved in ~/.api-tester-cn/:

  • history.log — Test history log
  • templates/ — Saved request templates
  • responses/ — Cached responses

Requirements

  • bash 4.0+
  • curl (for HTTP requests)
  • python3 (for JSON parsing)

Powered by BytesAgain | bytesagain.com | hello@bytesagain.com

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…