ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

API Tester

API testing and monitoring skill. Test REST and GraphQL APIs, validate responses, and monitor uptime.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 58 · 0 current installs · 0 all-time installs
by@jpengcheng523-netizen
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The declared purpose (API testing/monitoring) is coherent with the examples, but the SKILL.md invokes python3 scripts (scripts/api_test.py) and local test files (./tests/api_tests.yaml) while the package contains no code and lists no required binaries; either the skill omitted its implementation or the instructions are inconsistent with what will actually run.
!
Instruction Scope
Runtime instructions direct execution of local scripts and reading of local test files and directories (scripts/, ./tests/). They also describe monitoring/alerts without specifying where alerts go or what credentials are used. This grants the agent broad discretion to access local filesystem paths and make arbitrary network requests, which is out of scope for a pure descriptive skill.
Install Mechanism
No install spec (instruction-only) — low installation risk — but that increases concern because the instructions expect on-disk scripts that are not provided. The absence of an install step makes the SKILL.md effectively a placeholder pointing to missing artifacts.
Credentials
The skill declares no required environment variables or credentials, yet typical use (authenticated APIs, alert webhooks) would require tokens/keys. The SKILL.md does not document how secrets should be provided or protected, leaving a gap between expected behavior and declared requirements.
Persistence & Privilege
The skill does not request always: true and does not declare any persistent system changes. Autonomous invocation is allowed (platform default) but is not combined here with other privilege indicators.
What to consider before installing
Do not install or enable this skill until you confirm what actual code it will run. Ask the publisher to provide the scripts/api_test.py and any test fixtures referenced, or update the SKILL.md to use only built-in/declared tools. Verify that python3 (or other required binaries) is specified as a dependency. Ask how authentication and alerting are handled — any Authorization headers, API keys, or webhook URLs should be explicitly declared and reviewed. Because the instructions read local files and run local scripts, review those script files for network calls or filesystem access before giving the skill access to sensitive environments or secrets.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk978dhx977a3yzyv29mqz5x2xn83gb7z

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

API Tester

Test and monitor REST and GraphQL APIs with validation.

When to Use

  • User wants to test an API endpoint
  • Validate API responses
  • Monitor API uptime
  • Run API test suites

Features

  • REST APIs: GET, POST, PUT, DELETE, PATCH
  • GraphQL: Queries and mutations
  • Validation: JSON Schema, assertions
  • Monitoring: Uptime checks, alerts

Usage

Test REST endpoint

python3 scripts/api_test.py \
  --method GET \
  --url "https://api.example.com/users" \
  --expect-status 200

POST with body

python3 scripts/api_test.py \
  --method POST \
  --url "https://api.example.com/users" \
  --header "Content-Type: application/json" \
  --body '{"name": "Alice"}' \
  --expect-status 201

Validate response

python3 scripts/api_test.py \
  --method GET \
  --url "https://api.example.com/users/1" \
  --validate '{
    "type": "object",
    "required": ["id", "name"],
    "properties": {
      "id": {"type": "integer"},
      "name": {"type": "string"}
    }
  }'

Test GraphQL

python3 scripts/api_test.py \
  --graphql \
  --url "https://api.example.com/graphql" \
  --query '{ users { id name } }'

Run test suite

python3 scripts/api_test.py \
  --suite ./tests/api_tests.yaml

Monitor uptime

python3 scripts/api_test.py \
  --monitor \
  --url "https://api.example.com/health" \
  --interval 60

Output

{
  "success": true,
  "status_code": 200,
  "response_time_ms": 145,
  "response": {"id": 1, "name": "Alice"},
  "validation_passed": true
}

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…