api2cli
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a legitimate developer automation skill, but it can install, build, link, and persist third-party CLIs/skills with limited confirmation, so it should be reviewed before use.
Install only if you are comfortable with a developer tool that runs shell commands, fetches external packages, writes local CLI files, and may publish public repositories. Before allowing an install, verify the CLI source and review the generated skill; before publishing, confirm public exposure is intended and check for secrets; protect any API tokens used by generated CLIs.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could install and activate a registry CLI when the user expected only a local scaffold to be generated.
The workflow makes installing an existing CLI the default path after a registry match, without saying to ask the user before installing and activating that external CLI.
Follow all steps in order — do not skip any... If the registry already has the CLI you need, install it instead of rebuilding it: npx api2cli install <name>
Require explicit user approval before installing any existing CLI, and show the source, version, repository, and local changes before proceeding.
Installing an untrusted CLI could run or expose code that changes the user's local environment and future agent behavior.
The install command can fetch third-party code from GitHub or a registry, build it, put it on PATH, and persist an agent skill. The reviewed artifacts do not include source pinning or a trust-review step for those external installs.
Install a CLI from a GitHub repo or from an app name found in the registry. Clones, builds, links to PATH, and symlinks the skill to agent directories.
Review the repository and generated skill before building or linking, prefer pinned versions/commits, and avoid installing unknown registry entries automatically.
Project files could become public on GitHub as part of a broader publish request.
Publishing is limited to the user-requested publish workflow, but it can automatically create a public GitHub repository as a prerequisite for npm or registry publishing.
If no remote exists → the CLI is not on GitHub yet. Automatically run the GitHub publish flow first... Push the CLI to a public GitHub repo.
Before any publish flow, confirm the user wants a public GitHub repo and verify the repository contains no secrets, private data, or unintended files.
A generated skill may remain available to agents after the initial task and may update as the source repo changes.
The skill intentionally persists generated skills into multiple agent directories so future agents can discover them.
Symlink (not copy) so the skill stays in sync with the repo... ~/.claude/skills/<app>-cli... ~/.cursor/skills/<app>-cli... ~/.openclaw/workspace/skills/<app>-cli
Review generated SKILL.md files before linking them, and remove symlinks from agent skill directories when they are no longer wanted.
API tokens may be stored locally and could be exposed in terminal output if --show is used.
Generated CLIs can manage API tokens and optionally show them unmasked; this is expected for API wrappers but sensitive.
tokens — List all configured API tokens (masked by default). npx api2cli tokens [--show]
Avoid using --show in shared logs or screen recordings, protect local token files, and use least-privilege API tokens for generated CLIs.