swagger-skill

What to consider before installing/using this skill: - It is coherent with its description: it loads a Swagger/OpenAPI document and issues HTTP requests to the APIs it finds. The required node runtime and axios/form-data deps match that purpose. - The skill auto-installs npm dependencies by running npm init and npm install in the skill folder the first time it runs. That will write files and fetch packages from the npm registry — run it in a controlled environment (sandbox/container) if you are concerned about additional code being installed. - The skill will perform arbitrary HTTP requests to URLs you provide — this is necessary to call APIs but can be abused to reach internal endpoints (SSRF-like exposure). Do NOT supply sensitive machine credentials or environment tokens (e.g., cloud metadata tokens, admin credentials) to the skill unless you fully trust the runtime and the target API. - You may want to inspect the full index.js (the uploaded snippet shows a truncated upload function) to ensure there are no unexpected behaviors or logging/exfiltration paths before running it with real credentials. - If you want to reduce risk: run the skill in an isolated container, avoid pasting production secrets into the CLI, and prefer calling it against known external Swagger endpoints rather than internal network addresses. If you want, I can: (1) review the remaining/truncated portion of index.js for any networking or file I/O not yet shown, (2) list the exact npm commands it will run, or (3) suggest a hardened execution checklist for running this skill safely.