api-development
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: api-development Version: 1.0.0 The skill bundle is benign. The `SKILL.md` file, which serves as the primary instruction set for the AI agent, provides comprehensive guidance for API development, orchestrating other skills, and adhering to best practices without any evidence of prompt injection, malicious commands, or attempts to subvert the agent's purpose. The `README.md` contains installation instructions, including an `npx add` command pointing to a GitHub repository, which is a standard method for skill distribution and not an instruction for the agent to execute as part of the skill's operation. No indicators of data exfiltration, malicious execution, persistence, or obfuscation were found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with powerful development or CI/CD tools, the agent could make code, release, or deployment changes as part of the workflow.
The skill intentionally orchestrates other skills/tools and includes release/deployment steps. That is aligned with the API lifecycle purpose, but deployment and release tagging can affect real systems if the agent has those tools.
`Follow these steps in order. Each step routes to the appropriate skill or tool` ... `tag the release, update changelogs, and deploy through the pipeline.`
Require explicit user confirmation before release tags, production deployments, migrations, or other irreversible actions; review diffs and target environments before applying changes.
Following the README install path could install a version from a remote source, and global installation makes it available to future agent sessions or projects.
The README provides user-directed installation commands from an external GitHub path and optional global skill-directory copies. This is expected installation documentation, but users should trust and review the source before using it.
`npx add https://github.com/wpank/ai/tree/main/skills/api/api-development` ... `cp -r ~/.ai-skills/skills/api/api-development ~/.cursor/skills/api-development`
Prefer the reviewed registry artifact when possible, or pin and review the external source before installing; use per-project installation unless global availability is needed.