Swagger Generator
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is a Review item because the included script appears to persist user inputs locally and its implemented behavior does not match the advertised OpenAPI generator commands.
Review this skill before installing or invoking it. Confirm what `swagger-generator` actually runs, avoid entering confidential API details unless you accept local logging under `~/.local/share/swagger-generator`, and consider clearing that directory after testing.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may expect OpenAPI documents to be generated, but the provided implementation shown may instead record the supplied text and provide generic log/export functions.
The advertised capability and command set do not line up with the included script behavior shown in the artifacts, which may mislead a user or agent about what the skill actually does.
SKILL.md: "Generate complete OpenAPI 3.0/Swagger specification documents" and commands include `spec`, `endpoint`, `model`, `crud`; scripts/script.sh help lists "check", "validate", "generate", "format", "lint", "export" and saves inputs with "Saved. Total generate entries".
Verify the actual installed command and require the skill to either implement the documented OpenAPI commands or update the documentation to accurately describe the script's behavior.
Endpoint descriptions, schema details, server names, or authentication-related design notes entered into the tool could remain on disk and later be searched or exported.
The script persistently stores user-provided command input in local log files under the home directory. SKILL.md does not disclose this retention behavior.
DATA_DIR="${HOME}/.local/share/swagger-generator"; mkdir -p "$DATA_DIR"; echo "$ts|$input" >> "$DATA_DIR/generate.log"; _log "generate" "$input"Do not enter sensitive API details unless local retention is acceptable. The skill should disclose logging, provide retention/deletion controls, and avoid saving inputs by default unless the user opts in.
The agent or user may run a different `swagger-generator` command from the environment, or the included script may not be installed as expected.
The package includes a shell script and documents a CLI, but no install mechanism or required binary is declared, creating uncertainty about how the documented command is provided.
Install specifications: "No install spec — this is an instruction-only skill." Code file presence: "scripts/script.sh".
Before use, confirm exactly which executable will run and how it is installed; maintainers should declare the install path or remove unused code.