ClawHub

API Test Automation

v1.0.0

Generate complete automated API test cases from interface documentation such as OpenAPI, Swagger exports, Postman collections, Markdown API docs, or endpoint...

0· 13·0 current·0 all-time
by@huahuaweiwei
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the provided files and scripts: workspace generator, test templates, and report builder are all appropriate for an API test automation skill. There are no unrelated requested binaries, env vars, or config paths in the manifest.
Instruction Scope
SKILL.md explicitly instructs the agent to generate tests, wire pre/post scripts, execute runs, and produce reports. This legitimately requires checking local environment and optionally running mutating API calls. The skill includes a safety note to confirm before running against production-like environments — users should heed that. No instructions attempt to read unrelated system files or exfiltrate data.
Install Mechanism
This is an instruction-only skill with small included Python scripts and templates; there is no install spec that downloads or executes remote artifacts. Risk from install mechanism is low.
Credentials
The skill does not declare required environment variables or credentials. Templates and workspace defaults reference common tokens (e.g., API_TOKEN, access_token) which are expected and proportional for running API tests. There are no requests for unrelated or excessive secrets.
Persistence & Privilege
always is false and the skill does not request permanent platform-level privileges or modify other skills. Normal autonomous invocation (disable-model-invocation: false) is preserved and appropriate for this type of plugin.
Assessment
This skill appears to do what it says: generate test workspaces, run tests (when asked), and build reports. Before using it: (1) review generated test cases and pre-request/post-assert scripts so they don't send unintended mutating calls or reveal secrets; (2) avoid running tests against production-like endpoints unless you explicitly want to and have confirmed safety; (3) supply credentials (tokens) via environment files or CI secrets rather than embedding them into cases; (4) ensure the chosen runner (newman/node/python/pytest) is installed in the target environment; and (5) inspect any modifications you make to templates for custom network targets — there are no hidden endpoints in the provided files, but generated cases will use whatever base_url you or the input spec provide.

Like a lobster shell, security has layers — review code before you run it.

latestvk97awqqst8gkxwbta1642grjms84dxrz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments