Secure Api Starter
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears to be a brief API-template guide, but its quick-start references a script that is not included, so verify any script before running it.
This skill does not show malicious behavior in the provided artifacts. Treat it as incomplete documentation rather than a ready-to-run template unless the missing generator script is supplied and reviewed. Do not run ./create-api.sh from an arbitrary directory without verifying the file.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could accidentally run an unrelated or untrusted local script if they follow the command without confirming what ./create-api.sh is.
The quick-start depends on a local helper script, but the supplied artifact set contains no code files, so the implementation and provenance of that setup step are not reviewable here.
./create-api.sh my-api
Only run create-api.sh after confirming where it came from and reviewing its contents; the package should include the referenced script or adjust the documentation.