API Tester
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only API testing skill is aligned with its purpose, but users should review any state-changing API calls and note that the referenced helper script is not included.
This skill appears benign for API testing. Before installing or using it, check that any referenced helper script is trustworthy, and be careful with POST, PUT, PATCH, DELETE, or GraphQL mutation tests, especially against production services or when using authorization headers.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used against a real service with valid credentials, some test requests could create, modify, or delete data.
The skill supports API operations that can change or delete remote data. This is expected for an API testing skill, but users should ensure mutating requests are intended and aimed at safe test or approved environments.
- **REST APIs**: GET, POST, PUT, DELETE, PATCH - **GraphQL**: Queries and mutations
Confirm the target API, method, headers, and environment before running non-GET requests or GraphQL mutations.
The commands may fail unless the helper script exists, or a user may need to supply or verify the script separately.
The documentation repeatedly references a local helper script, but the provided artifact set contains only SKILL.md and no install spec or code files. This is a provenance and completeness gap rather than evidence of hidden behavior.
python3 scripts/api_test.py
Before use, verify the source and contents of any scripts/api_test.py file you intend to run.