api-diff
v1.0.0
Compare two OpenAPI 3.x or Swagger 2.0 specs and generate a changelog of breaking and non-breaking changes. Detect removed endpoints, new required parameters...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included Python script's behavior: it reads two local specs, normalizes them, and emits a changelog of breaking/non-breaking changes. Required binaries/env/config are none, which is proportionate. Minor mismatch: SKILL.md claims YAML support and 'stdlib only' but the script explicitly raises an error for YAML parsing (asks to convert to JSON or install PyYAML), so YAML handling is not implemented without an extra dependency.
Instruction Scope
SKILL.md tells the agent to run python3 scripts/api_diff.py old new (and offers formats/CI flags) which matches the shipped script. The instructions do not ask the agent to read unrelated files, access environment variables, or transmit data externally. The only scope issue is the documentation/behavior mismatch around YAML and external dependency requirements: the script will exit if given YAML unless PyYAML is installed.
Install Mechanism
There is no install spec (instruction-only with a bundled script). This is low risk: nothing is downloaded or written during install. Running the tool executes the included Python file locally.
Credentials
The skill requires no environment variables, credentials, or config paths. The script reads files specified on the command line and uses standard library modules only; this is proportionate to its purpose.
Persistence & Privilege
The skill is not always-on and does not request elevated or persistent privileges. It does not modify other skills or agent configs. Autonomous invocation is allowed by default but not exceptional here and does not combine with other red flags.
Assessment
This appears to be a straightforward local API diff tool: the Python script reads two spec files and prints a changelog — no network access or secrets are requested. Two things to note before installing/running: (1) SKILL.md claims YAML is supported and 'no external dependencies', but the script actually raises an error for YAML and suggests installing PyYAML or converting to JSON — so provide JSON inputs or install PyYAML if you need YAML support; (2) the tool executes code from a bundled script, so review the script (you have it) and run it on non-sensitive inputs or in an isolated environment if you are concerned about data leakage. If you want higher assurance, request the remainder of the script (it was truncated in the package listing) to verify there are no unexpected network or subprocess calls.
Like a lobster shell, security has layers — review code before you run it.
