Neckr0ik Api Wrapper

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This API-wrapper generator is useful and mostly purpose-aligned, but untrusted API specs can influence persistent generated skill files and the output path handling appears insufficiently constrained.

Before using this skill, only generate from OpenAPI specs you trust, pass a safe explicit `--name` and `--output`, review the generated SKILL.md and scripts before installing them, and restrict generated wrappers to the endpoints and credentials you actually need.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malicious or malformed spec title, or unsafe name argument, could cause generated files to be written outside the intended output directory or overwrite existing skill files.

Why it was flagged

The generated output directory is derived from a user-supplied name or OpenAPI title, and the visible code does not show rejection of '..', path separators, absolute paths, or overwrite protection before creating directories and writing files.

Skill content

title=info.get('title', 'API').replace(' ', '-').lower(), ... skill_name = name or spec.title
skill_dir = self.output_dir / skill_name
skill_dir.mkdir(parents=True, exist_ok=True)

Recommendation

Use only safe skill names, set an explicit output directory, and review generated paths. The skill should sanitize names, reject path traversal, resolve paths under the output directory, and ask before overwriting files.

What this means

A generated skill may expose create, update, or delete actions on third-party accounts once credentials are configured, and an agent could later invoke those operations if the generated skill is installed.

Why it was flagged

The generator accepts mutating HTTP methods and appends them as endpoints by default; the artifacts do not show a default read-only mode or required approval step for generated destructive/account-changing operations.

Skill content

if method.upper() not in ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS', 'HEAD']:
    continue
...
endpoints.append(endpoint)

Recommendation

Prefer `--include` for a small set of intended endpoints, review generated operations, and avoid high-privilege credentials. The generator should mark mutating operations clearly and require explicit opt-in or confirmation for them.

What this means

If an OpenAPI spec contains prompt-injection text or misleading instructions, that content could be preserved in a generated skill and later trusted by the agent.

Why it was flagged

OpenAPI-provided descriptions and endpoint summaries are inserted into generated SKILL.md content, which can become persistent instructions or context for future agent runs.

Skill content

description: {spec.description[:200] if spec.description else f"OpenClaw skill for {spec.title} API"}. Auto-generated from OpenAPI spec.
...
{spec.description or f"Interact with {spec.title} API from OpenClaw."}
...
{endpoints_list}

Recommendation

Generate only from trusted specs, inspect generated SKILL.md before installation, and sanitize or quote external spec text so it is treated as documentation rather than authoritative instructions.

What this means

Generated skills can act with whatever authority the configured API credentials grant.

Why it was flagged

Credential handling is expected for an API-wrapper generator, but generated skills may later use sensitive API keys, bearer tokens, Basic Auth, or OAuth credentials.

Skill content

- **Handles authentication** — API keys, OAuth, Bearer tokens

Recommendation

Use least-privilege API keys or test credentials where possible, and verify that generated clients do not log, expose, or overuse credentials.

What this means

Future installs may resolve different dependency versions than the publisher tested.

Why it was flagged

The dependencies are declared with broad lower-bound version ranges rather than exact pinned versions, which is common but less reproducible.

Skill content

"dependencies": {
  "pyyaml": ">=6.0",
  "requests": ">=2.28.0"
}

Recommendation

Install in an isolated environment and prefer pinned dependency versions or a lockfile for repeatable builds.