Openapi Validator
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill appears to review OpenAPI files in a local project and does not show credential collection, persistence, or unsafe behavior.
This looks safe for normal OpenAPI review. Run it against the intended project or provide the specific spec file, especially if your repository contains private API details.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked in a broad directory, the agent may look for API spec files outside the intended project.
The skill documents local command use to discover OpenAPI/Swagger files. This is expected for a validator, but it means the agent may inspect files in the current directory tree.
find . -name "openapi.*" -o -name "swagger.*" -o -name "api-spec.*" | head -10
Invoke the skill from the specific project folder you want reviewed, or provide the exact OpenAPI file path.