智能接口工具箱
v1.1.2MockLab 是一个**智能接口工具箱**,支持 Mock 数据生成、请求转发、数据复现——接口开发调试一站式解决。 支持任意格式的接口文档(Markdown、Word、Java 源码、纯文本等)和任意结构(表格、嵌套 JSON、加密字段、数组对象等)。模型自动理解文档并驱动整个流程:解析文档 → 生成 Sch...
⭐ 1· 112·0 current·0 all-time
byLancer Lin@lancer07
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (MockLab: mock data, proxy, state, UI) match the included code and UI: mock_server.py implements a FastAPI server, a UI is embedded, schema/state are persisted. No unrelated cloud credentials or unrelated binaries are requested.
Instruction Scope
SKILL.md instructs the agent to read documents from local files, fetch URLs, or accept pasted content — this is necessary for parsing API docs. It also instructs starting a local Python server and opening http://localhost:18080. This scope is appropriate for a mock-server skill, but it does give the agent access to any document you point it at; do not feed it files containing unrelated secrets or credentials.
Install Mechanism
There is no automated install spec; the repo includes Python code, Playwright tests, and package.json but does not install dependencies automatically. The UI (ui.html) references an external CDN (https://cdn.xjietiao.com) to load a JS file — that external resource will be fetched by clients viewing the UI and should be considered a trust/untrusted origin decision. Dependencies (FastAPI, uvicorn, httpx) must be installed by the user.
Credentials
The skill requests no environment variables or external credentials, which is proportional. However, the server exposes a 'Real Proxy' feature that will forward requests (including headers) to arbitrary target addresses you configure — if you supply Authorization headers or target internal services, sensitive data can be transmitted. The server also persists schema_store/ and state_store.json on local disk.
Persistence & Privilege
always:false and no special privileges requested. The server creates local files (schema_store/, state_store.json, custom_store.json) which is expected for this functionality. It does not attempt to modify other skills or system-wide agent settings.
Assessment
This skill is internally consistent with its claimed purpose (local mock server + AI-driven schema generation). Before installing/running: 1) Review the code locally (mock_server.py, ui.html). 2) Be aware the UI loads an external CDN JS file — if you prefer, host assets locally or replace the remote script. 3) The 'Real Proxy' will forward requests (and any headers you configure) to arbitrary targets — do not forward sensitive credentials or internal endpoints you don't trust. 4) The server will create schema_store/ and state_store.json in the skill folder; those files may contain generated tokens/state—store them appropriately. 5) You must install Python dependencies (FastAPI, uvicorn, httpx) and optionally Playwright; prefer installing from official package indexes. If you want higher assurance, run the server in an isolated environment (container or VM) and audit/replace external CDN usage before exposing it to others.Like a lobster shell, security has layers — review code before you run it.
latestvk978nph34kfxnaybx3cwd6d4qs84vrag
License
MIT-0
Free to use, modify, and redistribute. No attribution required.