API Design Principles
Pass
Audited by ClawScan on May 1, 2026.
Overview
This skill is a coherent API-design guide with a sample FastAPI template; it does not request credentials or system access, but users should verify the external install command and harden the template before production use.
This appears safe to use as an API-design reference. If you follow the README install command, verify the GitHub source or pin it to a trusted version. If you copy the FastAPI template into a real project, tighten CORS and review production security settings first.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing from an unverified remote path could pull content different from the reviewed artifact if the source changes.
The README documents a remote GitHub-based install path while the registry lists no formal install spec. This appears user-directed, but users should verify the repository and version before installing from it.
npx add https://github.com/wpank/ai/tree/main/skills/backend/api-design-principles
Prefer installing from the registry-reviewed package or a pinned, trusted commit/tag, and review remote contents before running install commands.
If copied into a real service unchanged, the API may allow overly broad cross-origin browser access.
The template is labeled production-ready but defaults to wildcard CORS. The comment does disclose that production configuration is needed, so this is a deployment-hardening note rather than deceptive behavior.
Production-ready REST API template ... allow_origins=["*"], # Configure for production
Before production use, restrict CORS to explicit trusted origins, methods, and headers, and review all template defaults.
