ClawHub

API Development

v1.0.0

Scaffold, test, document, and debug REST and GraphQL APIs. Use when the user needs to create API endpoints, write integration tests, generate OpenAPI specs, test with curl, mock APIs, or troubleshoot HTTP issues.

8· 7.6k·42 current·45 all-time
by@gitgoodordietrying
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description (scaffolding, testing, mocking, OpenAPI generation, debugging) match the SKILL.md contents: curl examples, test runners, and guidance for API workflows are present and expected.
Instruction Scope
The instructions are focused on API tasks (curl, test scripts, OpenAPI generation). However, examples and scripts reference use of Authorization headers (Bearer $TOKEN), file uploads (file=@document.pdf), and piping through jq — which mean the agent or user will supply credentials and local files when following examples. The SKILL.md does not instruct the agent to read arbitrary system files or secrets, but the examples do assume access to user files and environment variables.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so nothing is written to disk by the skill itself (lowest install risk).
Credentials
The skill declares no required environment variables, but examples use $TOKEN and the test scripts expect a reachable BASE URL and local files. Also many examples and the assert_json helper pipe output through jq, yet jq is not declared in the 'required binaries' metadata. The lack of declared env/binary requirements for jq and example tokens is an inconsistency to be aware of.
Persistence & Privilege
Defaults are used (always:false, model invocation allowed). The skill does not request persistent installation or elevated platform privileges.
What to consider before installing
This skill appears to be what it says — a collection of API development recipes — but check a few things before using it: 1) Examples show Authorization: Bearer $TOKEN and file uploads; don't paste real credentials or point tests at production endpoints. 2) The SKILL.md uses jq in many examples but jq is not listed as a required binary — install jq or remove those pipes before running. 3) Review test scripts to ensure they target a safe endpoint (localhost or a test environment) and that any file uploads (file=@...) are intended. 4) Because this is instruction-only, no code is installed, but following commands will make network requests — make sure you trust the target URL. If you want higher assurance, request an explicit list of required tools (jq, jq version), any Node-based scaffolding commands, and confirmation of whether any instructions will read local files beyond what you supply.

Like a lobster shell, security has layers — review code before you run it.

latestvk979wv3bte4qxx9ch39daz33ws80f8r8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔌 Clawdis
OSLinux · macOS · Windows
Any bincurl, node, python3

Comments