API Health Checker
PassAudited by ClawScan on May 10, 2026.
Overview
This is a transparent instruction-only API testing helper, but it can send authenticated and potentially state-changing requests if you supply such endpoints or tokens.
This skill appears safe to install as an instruction-only API health checker. Before using it, make sure the endpoints are ones you intend to test, avoid destructive methods on production systems unless explicitly desired, and use least-privilege test credentials.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used against production or sensitive endpoints, health checks could create, update, or delete API-side data depending on the method and endpoint.
The skill explicitly allows outbound HTTP requests, including methods such as POST, PUT, and DELETE that may change or delete data on an API. This is disclosed and purpose-aligned for API testing, but users should scope it carefully.
**Endpoint Testing** — Send HTTP requests (GET, POST, PUT, DELETE) to specified API endpoints
Use read-only or test endpoints when possible, confirm any POST/PUT/DELETE requests before running them, and prefer sandbox or least-impact API credentials.
Requests may be made with the same permissions as the supplied API key or token.
The skill may use user-provided API credentials to test authenticated endpoints. This is expected for the stated purpose, and the artifacts do not show credential storage, leakage, or unrelated use.
**Authentication Support** — Handle API keys, Bearer tokens, and basic auth headers
Provide only credentials intended for the target API, prefer least-privilege or temporary test tokens, and avoid sharing production secrets unless necessary.