LinkSKILL

Pass

Audited by VirusTotal on May 13, 2026.

Overview

Type: OpenClaw Skill
Name: link-skill
Version: 1.0.1

LinkSKILL is a legitimate API integration tool designed to discover, authenticate, and interact with enterprise platforms using Swagger/OpenAPI specifications. The bundle consists of a configuration-driven workflow where `swagger_loader.py` fetches API definitions, `auth_manager.py` handles credential exchange and token caching, and `http_request_tool.py` executes requests. The code follows standard practices, using the `requests` library for network calls and `argparse` for CLI interaction, with sensitive data like tokens stored in local hidden JSON files (`.token_cache.json`). No evidence of malicious intent, data exfiltration, or prompt injection was found; all high-risk capabilities (network and file access) are strictly aligned with the skill's stated purpose.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent or user chooses the wrong endpoint or method, it could create, update, or delete data in connected enterprise systems.

Why it was flagged

The tool exposes raw HTTP execution, including mutating or destructive methods, to a complete supplied URL. The artifacts do not show an endpoint allowlist, dry-run mode, confirmation step, or other guardrail before high-impact API calls.

Skill content

```python
parser.add_argument("--method", required=True, choices=["GET", "POST", "PUT", "DELETE", "PATCH"])
parser.add_argument("--url", help="Complete request URL")
...
resp = getattr(requests, method.lower())(url, **kwargs)
```

Recommendation

Require explicit confirmation for non-GET requests, restrict allowed domains/endpoints/methods, use least-privilege credentials, and consider a dry-run or review mode before execution.

What this means

A mistaken or manipulated full URL could receive the platform's Authorization token, potentially exposing an enterprise account credential to the wrong service.

Why it was flagged

When a config is loaded, the cached platform token is added to request headers, but --url can target any complete URL rather than being limited to the configured gateway. The artifacts show no host/origin check before attaching credentials.

Skill content

```python
def resolve_url(args, plat):
    if args.url:
        return args.url
...
token = get_cached_token(plat["_id"])
if token:
    header_name = auth_cfg.get("token_header", "Authorization")
    prefix = auth_cfg.get("token_prefix", "Bearer ")
    headers[header_name] = f"{prefix}{token}"
```

Recommendation

Only attach platform auth headers to URLs under the configured gateway, disable auth for arbitrary --url by default, and require explicit confirmation for any cross-origin request.

What this means

Secrets may appear in terminal output, agent transcripts, logs, or shared debugging material, increasing the chance of account compromise.

Why it was flagged

The authentication manager prints the full cached token and can print the full token cache. In this tool, the cached value may be a bearer token, API key, or Basic credential.

Skill content

```python
if not force and pid in cache:
    ...
    print(entry["token"])
    return entry["token"]
...
if args.show_cache:
    cache = load_cache()
    print(json.dumps(cache, ensure_ascii=False, indent=2))
```

Recommendation

Mask tokens in output, avoid printing full caches, protect the cache file with restrictive permissions, and provide a safe command that only reports whether a token exists.

What this means

Dependency behavior depends on the installed requests package version and the user's Python environment.

Why it was flagged

The requests dependency is expected for this HTTP integration skill, but it is declared without a pinned version.

Skill content

```
metadata: {"clawdbot":{"emoji":"🔗","requires":{"bins":["python3"],"pip":["requests"]}}}
```

Recommendation

Install dependencies from a trusted package source and consider pinning reviewed versions in a controlled environment.

What this means

A stale or manipulated API spec could influence later agent decisions about which API calls to run.

Why it was flagged

The skill fetches remote Swagger/OpenAPI content, caches it locally, and prints free-form summaries/descriptions. This is purpose-aligned, but retrieved API text should be treated as untrusted data.

Skill content

```python
resp = requests.get(url, headers=headers, timeout=TIMEOUT)
spec = resp.json()
...
json.dump(spec, f, ensure_ascii=False, indent=2)
...
print(f"  {op.get('summary', '')} — {op.get('description', '')}")
```

Recommendation

Review discovered endpoint details before execution, refresh or clear the Swagger cache when needed, and do not treat API descriptions as instructions.