Swagger Generator
v2.0.1Generate OpenAPI 3.0 specs from endpoint descriptions. Use when validating APIs, generating docs, formatting YAML, checking schemas, linting contracts.
⭐ 0· 300·0 current·0 all-time
bybytesagain4@xueyetianya
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (OpenAPI/Swagger generation) match the provided CLI-like instructions (spec, endpoint, model, crud, auth, etc.) and the included script implements matching commands for generating, validating, formatting, linting, exporting and similar operations.
Instruction Scope
SKILL.md describes command usage but does not mention that the shipped script persistently logs all command inputs. scripts/script.sh records inputs (timestamp|input) into files under $HOME/.local/share/swagger-generator and provides export/search features; this is within the skill's functional scope but is an implementation detail users should be aware of because it can capture sensitive text the user passes to the tool.
Install Mechanism
No install spec and no external downloads; the skill is instruction-plus-a-local-shell-script only, so nothing is fetched from third-party hosts at install time.
Credentials
The skill requests no environment variables or credentials (none declared). However, the script persists arbitrary user inputs to a local data directory; if users include credentials or tokens in endpoint descriptions, those will be stored on disk. There are no requests for unrelated external credentials.
Persistence & Privilege
The script creates and writes to $HOME/.local/share/swagger-generator (history.log and per-command .log files) and can export those logs to JSON/CSV/TXT. always:false and no elevated privileges. Persistence is limited to the user's home directory, but it does retain copies of provided inputs until deleted.
Assessment
This skill is coherent with its stated purpose and does not try to access external credentials or network resources. However, the included script logs every command input to $HOME/.local/share/swagger-generator (per-command .log files and history.log) and can export those logs. Before using: (1) avoid entering real secrets/API keys or sensitive request bodies into the tool; (2) inspect the script if you want to change the DATA_DIR location or file permissions; (3) if you do use it with sensitive data, delete the data directory afterward (rm -rf ~/.local/share/swagger-generator) or modify the script to store logs in a secure location; (4) if you need a stricter privacy posture, run the SKILL.md instructions without executing the shipped script or ask the author for a version that does not persist inputs.Like a lobster shell, security has layers — review code before you run it.
latestvk9704yyph61mtazp2dsqyksx2n835q8eproductivityvk97f436qte2k8n3tmnkv7wcy9982ratv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.