Agent Api Stability Sentinel
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is a coherent API testing assistant, but it pushes broad live testing of every endpoint without clearly limiting use to safe test environments or requiring approval for potentially disruptive requests.
Install only if you want an agent to perform active API compatibility testing. Before use, specify staging endpoints, approved methods, test accounts, test payloads, and which destructive or load-like cases are forbidden without explicit confirmation.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If pointed at production or real customer data, the agent could create, modify, delete, rate-limit, or disrupt API-backed systems while trying to verify compatibility.
The skill mandates broad live API testing, including potentially disruptive edge cases, without specifying staging-only use, safe HTTP methods, request throttling, test data, rollback, or user approval before high-impact calls.
Make ACTUAL HTTP requests to all modified endpoints ... Test edge cases: malformed requests, large payloads, timeouts ... Every endpoint. Every scenario. No exceptions.
Use only with explicit user-approved scope, staging or sandbox endpoints, test credentials, test payloads, and clear limits on destructive or load-like requests.
Using broad or production credentials could let the agent exercise sensitive account actions during testing.
Authentication and rate-limit validation may require API credentials or delegated account access. This is purpose-aligned, but the artifact does not describe credential scope or preferred use of test accounts.
Verify auth/rate-limiting flows
Provide only least-privilege test credentials and avoid production tokens unless the exact endpoints and effects have been approved.
