Ocli Api
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This skill is coherent, but it gives the agent a very broad, token-backed way to call and potentially change data in any OpenAPI-described service without clear approval or scope limits.
Install only if you intentionally want your agent to operate a general-purpose API client. Use test or least-privilege tokens, avoid production/admin credentials, confirm any write/delete/public action before execution, and review or pin the external npm package before installing.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If connected to a powerful API token, the agent could create, change, or delete resources in third-party, internal, or production systems after selecting the wrong endpoint or parameters.
The skill gives the agent a generic CLI path to execute arbitrary API operations. The instructions include search/help guardrails, but do not distinguish read-only calls from mutating or destructive calls or require confirmation for high-impact endpoints.
Call any HTTP API described by an OpenAPI/Swagger spec as CLI commands... Execute the command: ocli <command> --param1 value1 --param2 value2
Use this only with explicit user direction, require confirmation for POST/PUT/PATCH/DELETE or production-impacting calls, and restrict profiles to the specific APIs and operations needed.
A broad or admin token could let the agent act with the user's full API privileges across connected services.
The setup uses bearer tokens stored or referenced through ocli profiles for arbitrary APIs. This is expected for the purpose, but the artifacts do not bound token privileges, provider scope, storage behavior, or safe output handling.
ocli profiles add <name> --api-base-url <BASE_URL> --openapi-spec <SPEC_URL_OR_PATH> --api-bearer-token "$TOKEN"
Use dedicated, revocable, least-privilege tokens; avoid admin or production tokens; create separate profiles per API; and inspect how ocli stores and displays profile credentials.
Installing the external package gives that package code access to the user's local environment according to normal npm/global-install behavior.
The skill is instruction-only and relies on an external globally installed npm package that is not included in the reviewed artifacts. This is central to the skill's purpose and user-directed, but it is still external code.
npm install -g openapi-to-cli
Install from a trusted source, pin a known version where possible, review the package before use, and keep it updated.