Skylv Mock Server Generator
PassAudited by ClawScan on May 3, 2026.
Overview
The skill is a coherent instruction-only mock-server helper, with disclosed local server and mock-data persistence behavior that should be kept to test environments.
This appears safe as an instruction-only development helper. Before using it, decide where the server will run, keep it limited to localhost/test environments, import OpenAPI specs only from trusted sources, and avoid putting real secrets or personal data into persisted mock responses.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent may need to choose how to run the mock server, which could introduce risk if untrusted packages or images are selected.
The documentation discloses runtime dependencies, but the registry has no install spec or required-binary declarations. This is a setup clarity note, not evidence of hidden installation.
- Node.js 18+ - Optional: Docker for containerized deployment
Use trusted Node.js/Docker sources, avoid unreviewed install commands, and pin any packages or container images if creating an implementation.
A mock server may open a local port and run generated code during development.
The skill is intended to create and run a local HTTP server. Running generated server code is expected for this purpose, but it still affects the local environment.
start mock server on port 3000
Run it only in a development environment, bind to localhost unless external access is needed, review generated routes, and stop the server when finished.
If real or sensitive sample data is used, it could remain in the mock server's stored state.
The skill explicitly supports retaining mock data between requests, which is purpose-aligned but means test data may remain available after the initial request.
Data Persistence: Store and retrieve mock data across requests
Use synthetic test data, avoid secrets or personal data, and clear any persisted mock data when testing is complete.