Back to skill
Skillv1.0.0
ClawScan security
Rest Api Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 11:47 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only OpenAPI spec/template generator and its requirements and instructions are consistent with that purpose.
- Guidance
- This skill is essentially a small OpenAPI template and authoring tips — it appears coherent and low-risk. Before installing, note that: (1) it does not itself parse code or access your files; to generate specs from real code your agent or other tools will need access to the codebase, so review what permissions you grant the agent; (2) the provided template is minimal and may need customization for complex APIs; (3) always test generated specs on non-production data and review outputs for accuracy. If you expect automatic code parsing or repo access, confirm how the agent will obtain that input because the SKILL.md does not describe such actions.
Review Dimensions
- Purpose & Capability
- okName, description, and SKILL.md all describe generating OpenAPI 3.0 specs and provide a template/tips. Nothing requested (no env vars, binaries, installs) is out of scope for an OpenAPI generator.
- Instruction Scope
- okSKILL.md contains a static template, usage guidance, and tips only. It does not instruct the agent to read arbitrary files, access credentials, or transmit data to external endpoints.
- Install Mechanism
- okNo install spec and no code files are included — the skill is instruction-only, so nothing is written to disk or downloaded during install.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths; this matches the simple template-based function described.
- Persistence & Privilege
- okalways is false and the skill is user-invocable. It does not request persistent system presence or modify other skills/configuration.