Yapi
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: yapi Version: 1.0.1 The skill is classified as suspicious due to its reliance on `npx -y` to download and execute an external package (`@leeguoo/yapi-mcp`) from npm, which introduces a supply chain risk. Additionally, the skill instructs the agent to read local configuration files (`~/.yapi/config.toml`) using `rg` and perform file write operations during documentation synchronization, granting significant file system access. While these actions are aligned with the stated purpose of YApi documentation management, they represent high-risk capabilities that could be exploited by a compromised `npx` package or a sophisticated prompt injection, even though the `SKILL.md` itself does not contain explicit malicious instructions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the fallback is used, code from npm may run locally and interact with YApi data or authentication state.
The skill may run an unpinned npm package when the local `yapi` command is unavailable. This is disclosed and central to the skill purpose, but it introduces normal package-provenance risk.
If missing, fallback to one-shot npx without forcing global install: npx -y @leeguoo/yapi-mcp -h
Prefer a locally installed and reviewed `yapi` CLI where possible, or verify and pin the npm package before using the fallback.
The agent may access YApi projects and interface documentation available to the logged-in account.
The skill uses YApi account authentication and references local auth cache files. This is expected for querying private YApi docs, but it means the agent may operate with the user's YApi account privileges.
Confirm auth (`yapi whoami`), then run `yapi login` only when needed. Config cache locations: - Config: `~/.yapi/config.toml` - Auth cache: `~/.yapi-mcp/auth-*.json`
Use an account or token scoped to the intended YApi projects, and avoid running this against accounts with broader access than needed.
A real sync could change API documentation visible to teammates or other YApi users.
The skill can perform a real docs sync after a dry run, which may update shared YApi documentation. The dry-run step is a useful guardrail, and the behavior matches the stated purpose.
For docs sync tasks, do `--dry-run` first, then real sync. yapi docs-sync --binding projectA --dry-run yapi docs-sync --binding projectA
Review dry-run output and explicitly approve real syncs, especially for shared or production API documentation.