ClawHub

OpenAPI to CLI

v1.0.0

Generate CLI tools from OpenAPI specs. Built for AI agents who hate writing curl commands.

3· 1.6k·1 current·1 all-time
byAaron Levin@awlevin
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
Name and SKILL.md describe generating CLIs from OpenAPI specs and show using a 'uvx openapi2cli generate' command — that aligns with requiring a 'uvx' binary. However the install metadata asks to install a pip package named 'uv', while the SKILL.md links to a PyPI/GitHub project called 'openapi2cli'. The package name mismatch is unexpected and unexplained.
Instruction Scope
Instructions are focused on running 'uvx openapi2cli generate' against local files or remote OpenAPI URLs and using generated CLIs with env/flag-based auth. The SKILL.md does not instruct reading unrelated system files or secrets beyond user-provided API keys. It does require network fetches of specs (expected for this purpose).
!
Install Mechanism
Install uses pip to install a package named 'uv' which will create a 'uvx' binary. This is moderate-risk (pip packages run arbitrary code at install time). More importantly, the 'uv' package name does not match the referenced project ('openapi2cli') or the GitHub/PyPI links in SKILL.md, which suggests either a typo, a misconfiguration, or a potential typosquat/supply-chain vector. No direct download URLs are used, which is better than arbitrary archives, but the package name ambiguity is problematic.
Credentials
The skill declares no required environment variables or credentials. The SKILL.md shows how a generated CLI could accept API keys via env vars or flags, which is reasonable and not a mismatch. The skill does not request unrelated credentials or paths.
Persistence & Privilege
Skill does not request always:true and does not modify other skills or system-wide settings. Normal autonomous invocation is allowed (default). No additional persistence or elevated privileges are requested.
What to consider before installing
This skill's behavior (using 'uvx' to generate CLIs from OpenAPI specs) is coherent with its description, but the install spec is inconsistent: it asks to pip-install a package named 'uv' while the README/links reference 'openapi2cli' on PyPI/GitHub. Before installing, verify the correct package name and origin: search PyPI for 'openapi2cli' and for 'uv' and inspect the package owner/release files. If you cannot confirm that the 'uv' package is the official provider of the 'uvx' tool linked in the repo, treat this as a potential typo-squatting or supply-chain risk. Prefer to: (1) install only from the confirmed project (e.g., pip install openapi2cli if that's the project), (2) review the package source code or repository and release artifacts, (3) run installation in an isolated environment (container/VM) to limit impact, or (4) decline installation until the publisher clarifies the package mapping.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔧 Clawdis
Binsuvx
latestvk978yds1dc2fgn1ahbsrcay61x80m4f1
1.6kdownloads
3stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Aaron Levin@awlevin
latest
Download

OpenAPI to CLI

Generate command-line tools from OpenAPI/Swagger specs. Perfect for AI agents that need to interact with APIs without writing curl commands.

Quick Start

# generate a CLI from any OpenAPI spec
uvx openapi2cli generate https://api.example.com/openapi.json --output my-api

# use the generated CLI
python my-api.py users list
python my-api.py users get --id 123
python my-api.py posts create --title "Hello" --body "World"

Features

  • Auto-generates CLI from OpenAPI 3.x specs
  • Supports auth: API keys, Bearer tokens, Basic auth
  • Rich help: --help on any command shows params
  • JSON output: Structured responses for parsing
  • Dry-run mode: See the request without sending

Usage

# from URL
uvx openapi2cli generate https://api.example.com/openapi.json -o my-cli

# from local file  
uvx openapi2cli generate ./spec.yaml -o my-cli

# with base URL override
uvx openapi2cli generate ./spec.json -o my-cli --base-url https://api.prod.com

Generated CLI

# set auth via env
export MY_CLI_API_KEY="sk-..."

# or via flag
python my-cli.py --api-key "sk-..." users list

# see available commands
python my-cli.py --help

# see command options
python my-cli.py users create --help

Example: GitHub API

uvx openapi2cli generate https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.json -o github-cli

python github-cli.py repos list --owner octocat

Why?

AI agents work better with CLIs than raw HTTP:

  • Discoverable commands via --help
  • Tab completion friendly
  • No need to construct JSON payloads
  • Easy to chain with pipes

Links

Comments

Loading comments...