API Development
Security checks across malware telemetry and agentic risk
Overview
This is a documentation-only API development helper with normal curl and test-script examples, but some examples can modify API data or use credentials if run as written.
This skill appears safe as an instruction-only API development reference. Before using its snippets, substitute only intended test endpoints, review any data-changing or file-upload request, and use scoped credentials rather than production secrets.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If copied or run against the wrong API environment, the examples could create, update, or delete records.
The skill documents commands and test-script steps that can delete or mutate API resources. This is expected for API testing, but it matters because running these against a real service could change data.
# DELETE curl -s -X DELETE https://api.example.com/users/123 ... assert_status DELETE /api/users/1 204
Use these snippets only with confirmed development or test endpoints, and review any POST, PUT, PATCH, DELETE, or upload command before running it.
A real token used in these commands could authorize account or API actions and may appear in shell history or shared logs if handled carelessly.
The skill includes authenticated API request examples using a bearer token. This is normal for API development, but it involves credentials that may grant access to user or service accounts.
-H "Authorization: Bearer $TOKEN"
Use scoped test tokens where possible, avoid exposing tokens in shared output, and confirm the target API and permissions before running authenticated requests.