API Design Principles
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: api-design-principles
Version: 1.0.0
The skill bundle provides comprehensive documentation and a FastAPI code template for API design principles. All files, including SKILL.md and README.md, serve an educational or templating purpose without any evidence of malicious intent. The `templates/fastapi-template.py` includes a `CORSMiddleware` with `allow_origins=["*"]`, a common placeholder in development templates; the template explicitly advises configuring it for production, so it is not an indicator of malicious behavior. No data exfiltration, malicious execution, persistence, or harmful prompt injection attempts were found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing from an unverified remote path could pull content different from the reviewed artifact if the source changes.
The README documents a remote GitHub-based install path while the registry lists no formal install spec. This appears user-directed, but users should verify the repository and version before installing from it.
npx add https://github.com/wpank/ai/tree/main/skills/backend/api-design-principles
Prefer installing from the registry-reviewed package or a pinned, trusted commit/tag, and review remote contents before running install commands.
If copied into a real service unchanged, the API may allow overly broad cross-origin browser access.
The template is labeled production-ready but defaults to wildcard CORS. The comment does disclose that production configuration is needed, so this is a deployment-hardening note rather than deceptive behavior.
Production-ready REST API template ... allow_origins=["*"], # Configure for production
Before production use, restrict CORS to explicit trusted origins, methods, and headers, and review all template defaults.
