Apifox
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
NoteHigh Confidence
ASI09: Human-Agent Trust ExploitationWhat this means
A user looking for an Apifox-specific skill could install a YApi-focused documentation helper by mistake.
Why it was flagged
The registry presents the evaluated skill as Apifox/apifox, while the skill content identifies itself as YApi/yapi-hot-trend. This is a naming/coherence issue users should notice, though the described behavior remains limited to public documentation summaries.
Skill content
name: yapi-hot-trend ... # YApi ... homepage: `https://yapi.pro/`
Recommendation
Verify that the intended target is YApi public documentation before installing or invoking the skill.