ClawHub

Skylv Api Tester

v1.0.0

API测试助手。测试REST API接口,验证响应、生成测试报告。使用场景:(1) 测试API接口可用性,(2) 验证响应格式和数据,(3) 性能测试,(4) 生成API文档。

0· 15·1 current·1 all-time
by@sky-lv
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth tokenRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (API testing, validation, performance, reports) match the SKILL.md instructions, which only describe constructing and sending HTTP requests, timing them, validating responses, and producing reports.
Instruction Scope
Instructions are limited to sending requests, measuring timings, validating response schema/fields, aggregating stats, and producing reports. They do not instruct reading local files, system state, or contacting unexpected endpoints beyond those the user supplies.
Install Mechanism
No install spec or code files are present (instruction-only), so nothing will be written to disk or installed during skill use.
Credentials
No environment variables or credentials are required by the skill metadata. SKILL.md shows support for various auth methods (Bearer, API Key, Basic, OAuth2) but does not declare required env vars — this is reasonable because credentials are typically provided per-test by the user, but users should be aware they'll need to supply any auth secrets when asked.
Persistence & Privilege
always is false and there is no install behavior that modifies system or other skills. The skill can be invoked autonomously (platform default), which is normal for skills of this type.
Assessment
This is an instruction-only API testing helper and appears to do what it says. Before using it: (1) only provide credentials (Bearer tokens, API keys, passwords) for endpoints you trust and have permission to test; the skill may ask you to include them in test requests but does not declare or store env vars itself, (2) be careful when running performance/batch tests — they generate traffic and may impact the target or violate usage policies if you don't have permission, (3) because there's no install, the main risk is what you tell the skill to test: avoid asking it to test or scan internal/credentialed services unless you intend to, and (4) if you enable autonomous invocation, restrict its allowed targets or usage to prevent it from making requests you wouldn't approve.

Like a lobster shell, security has layers — review code before you run it.

latestvk97034694gcg81hsd9qdbz80xx853z78

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧪 Clawdis

Comments