Scaffold, test, document, and debug REST and GraphQL APIs. Use when the user needs to create API endpoints, write integration tests, generate OpenAPI specs, test with curl, mock APIs, or troubleshoot HTTP issues.
Security Analysis
medium confidenceThe skill is largely coherent with its stated purpose (API development) but contains small inconsistencies and omissions (examples reference shell tools and environment variables that are not declared) that merit caution before use.
Name and description (scaffolding, testing, mocking, OpenAPI generation, debugging) match the SKILL.md contents: curl examples, test runners, and guidance for API workflows are present and expected.
The instructions are focused on API tasks (curl, test scripts, OpenAPI generation). However, examples and scripts reference use of Authorization headers (Bearer $TOKEN), file uploads ([email protected]), and piping through jq — which mean the agent or user will supply credentials and local files when following examples. The SKILL.md does not instruct the agent to read arbitrary system files or secrets, but the examples do assume access to user files and environment variables.
This is an instruction-only skill with no install spec or code files, so nothing is written to disk by the skill itself (lowest install risk).
The skill declares no required environment variables, but examples use $TOKEN and the test scripts expect a reachable BASE URL and local files. Also many examples and the assert_json helper pipe output through jq, yet jq is not declared in the 'required binaries' metadata. The lack of declared env/binary requirements for jq and example tokens is an inconsistency to be aware of.
Defaults are used (always:false, model invocation allowed). The skill does not request persistent installation or elevated platform privileges.
Guidance
This skill appears to be what it says — a collection of API development recipes — but check a few things before using it: 1) Examples show Authorization: Bearer $TOKEN and file uploads; don't paste real credentials or point tests at production endpoints. 2) The SKILL.md uses jq in many examples but jq is not listed as a required binary — install jq or remove those pipes before running. 3) Review test scripts to ensure they target a safe endpoint (localhost or a test environment) and that any file uploads (file=@...) are intended. 4) Because this is instruction-only, no code is installed, but following commands will make network requests — make sure you trust the target URL. If you want higher assurance, request an explicit list of required tools (jq, jq version), any Node-based scaffolding commands, and confirmation of whether any instructions will read local files beyond what you supply.
Latest Release
v1.0.0
Initial release - REST/GraphQL API scaffolding, curl testing, OpenAPI spec generation, mock servers, Express scaffolding, and HTTP debugging patterns.
More by @gitgoodordietrying
Published by @gitgoodordietrying on ClawHub
