Api Gateway
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill is aligned with API gateway management, but users should supervise any real routing, rate-limit, or authentication changes because they can affect service availability and security.
This appears to be a simple instruction-only API gateway skill with no executable code or install scripts. Before using it against real infrastructure, make sure the agent asks before applying routing, authentication, or rate-limit changes, and handle all secrets outside the chat whenever possible.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If connected to real gateway tooling, route or rate-limit changes could affect application availability, security, or production traffic.
These documented operations can change API routing and traffic controls. That is expected for an API gateway skill, but real use should be confirmed and scoped because mistakes could disrupt services.
`create_gateway(config)`, `add_route(gateway_id, route_config)`, `set_rate_limit(gateway_id, limit)`
Use this only with explicit user-provided gateway details, confirm before applying changes, test in staging first, and keep a rollback plan.
JWT secrets, OAuth credentials, or API keys could be exposed if pasted into chat or stored insecurely.
The skill discusses authentication mechanisms and a JWT secret placeholder. This is normal for API gateway configuration, but it involves sensitive credentials.
`Authentication and authorization - JWT, OAuth2, API Key` and `"secret": "${JWT_SECRET}"`
Keep secrets in environment variables or a secret manager, avoid pasting raw credentials into prompts, and grant only the minimum permissions needed.
