Frontend Backend Flow Test

v0.3.1

Audit-first frontend-backend contract analyzer for static API compatibility checks. Compare frontend request behavior with backend endpoint contracts, DTO hi...

by jalim@dlawnsdk
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the included artifacts: the repo contains static-extraction and comparison code (frontend and backend extractors, compare, report) and a secondary test generator. No extraneous credentials, cloud APIs, or unrelated binaries are requested.
Instruction Scope
SKILL.md and README instruct an 'audit-first' static workflow (run scripts/audit_contracts.py) and explicitly restrict live verification to narrow dev/staging use. The runtime instructions only operate on user-supplied frontend/backend paths and write reports to the specified output-dir. Caution: there is a separate generate_tests.py live helper (experimental) — running it may perform network calls against target services when used; the docs clearly flag this as opt-in and risky for production.
Install Mechanism
No install spec is declared (instruction-only from a platform perspective) and the skill bundles Python scripts. There is no external download/install-from-URL. Executing the included Python scripts will read repo files and write reports; that's expected for this tool.
Credentials
The skill declares no required environment variables, credentials, or config paths. The code sets a local AUDIT_EXCLUDE_PARTS env var only to pass exclude settings into file iteration logic. There are no requests for unrelated secrets or broad environment access.
Persistence & Privilege
The skill does not request permanent/always-on presence (always:false). It does not modify other skills or system-wide agent settings in the provided files. It writes output to the user-specified output directory only when run.
Assessment
This skill appears to do what it says: static code scanning to surface API mismatches and a cautious, opt-in live-check helper. Before running: (1) run static audits only (scripts/audit_contracts.py) on local copies of your frontend/backend roots and examine the generated audit-report.json/md; (2) review scripts/generate_tests.py before using live mode and only run it against safe dev/staging endpoints with test credentials; (3) be aware the tool reads your codebase (the frontend/backend paths you pass) and writes report files to the provided output-dir; (4) do not run any live/write modes against production or sensitive systems without explicit safeguards and inspection. If you want higher assurance, paste the contents of scripts/generate_tests.py here for a quick review of its network and credential behavior before using live mode.

