Apimon
PassAudited by ClawScan on May 1, 2026.
Overview
APIMon appears to be a local Bash-based API activity logbook, not a hidden network monitor; it mainly stores user-entered entries in local files.
This looks acceptable as a local API activity logging tool. Before installing, confirm how the `apimon` command is installed, do not treat it as automatic uptime monitoring unless another tool performs the checks, and avoid recording tokens or sensitive API data in its logs.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user might overestimate the skill as an automated outage detector when it is primarily a manual logging/reporting tool.
The artifact frames the skill as API monitoring, but also clarifies that commands record user-provided text rather than performing active endpoint checks.
description: "Monitor API endpoints and track response times..." ... "Each command ... works as a timestamped log recorder"
Use it as a logbook unless paired with a separate endpoint-checking tool; verify actual checks before relying on it for uptime alerts.
It may be unclear which executable the agent will run or how the included script should be installed.
The package includes a shell script and the documentation assumes an `apimon` CLI, but the install mechanism and required binary are not declared.
No install spec — this is an instruction-only skill. ... Code file presence: scripts/script.sh
Confirm the script source and version before placing any `apimon` command on PATH or letting an agent invoke it.
API URLs, incident details, schema notes, or secrets typed into commands may remain on disk and appear in exports.
User-provided API notes are stored persistently in local log files and can later be searched or exported.
DATA_DIR="${HOME}/.local/share/apimon" ... echo "$ts|$input" >> "$DATA_DIR/check.log"Avoid logging API tokens, authorization headers, private customer data, or other secrets; review exports before sharing them.