Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

api2cli

v1.0.1

Generate or discover a CLI + AgentSkill for any REST API. Use when: user says 'create a CLI for X', 'wrap this API', 'search if a CLI exists', 'install an ex...

by Melvyn @melvynx
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (api2cli) aligns with what the SKILL.md instructs: scaffold a CLI from an API, bundle/link it, and publish it. The declared capabilities (search, create, bundle, link, publish) are coherent with the files and references provided.
!
Instruction Scope
The instructions tell the agent to run networked installers (curl -fsSL https://bun.sh/install | bash), clone arbitrary GitHub repos, build/link code, read and write package.json and token files, and symlink SKILL.md into other agent directories (~/.openclaw, ~/.claude, ~/.cursor). They also reference 'API key auto-detection' and commands that list and reveal tokens (tokens --show). These actions go beyond simple 'generate a scaffold' and involve filesystem scanning, credential handling, and executing third-party code — all of which are plausible for the tool but are high-impact operations that an end user should explicitly approve and review step-by-step.
!
Install Mechanism
There is no formal install spec included (instruction-only), but the README explicitly recommends running a remote install script (bun.sh) via curl|bash. That pattern (downloading and piping a shell script to bash) is a common convenience but high risk because it executes remote code. The skill also advises running npm install/publish and running build steps that execute code from cloned repositories.
Credentials
The skill declares no required env vars or credentials, which matches the registry metadata. However, the instructions assume and instruct the agent to interact with credentialed tooling (gh, npm, clawhub, sundial-hub) and to manage token files at ~/.config/tokens/<app>-cli.txt. That behavior is reasonable for a CLI publisher, but token discovery and the ability to reveal tokens via commands (tokens --show) are sensitive and should be handled explicitly by the user.
!
Persistence & Privilege
always:false (good). Nonetheless, the workflow instructs creating persistent artifacts and symlinks into other agents' skill directories (e.g., ~/.openclaw/workspace/skills/), and performing git repo creation/push and npm publish flows. Writing into other agent directories and symlinking is coherent for integration, but it modifies other agents' state and could be surprising if done without explicit, local user approval.
Scan Findings in Context
[NO_SCAN_FINDINGS] expected: The package is instruction-only; the regex-based scanner had no code files to analyze. This absence of findings is expected but does not imply safety — the SKILL.md itself contains runtime commands that perform network, shell, and filesystem actions.
What to consider before installing
This skill appears to do what it says (create, install, link, and publish CLIs), but its runtime instructions run high-impact shell commands, download and execute remote installers (bun.sh), clone and build third-party repos, manage token files, and symlink into other agent directories. Before using it:
1) Do not let any agent run the suggested curl | bash installer without first reviewing the script (prefer manual install from a verified source).
2) Require explicit human consent for cloning/building unknown GitHub repos and for any 'npm publish' or 'gh repo create' steps.
3) Inspect ~/.config/tokens/* and ~/.cli/* before and after running commands; back up any secrets.
4) If you want to limit blast radius, run the workflow in a disposable environment or container and avoid automatic 'tokens --show' or auto-detection features.
5) When publishing, follow interactive flows yourself (the docs say the agent should stop and wait for auth); never give the agent unattended access to your GitHub/npm/ClawHub credentials.
If you want broader assurance, ask the author for a signed release or a repository you can inspect locally before building.

Like a lobster shell, security has layers — review code before you run it.
