← Back to Skills Marketplace
Api Contract Auditor
by
vx:17605205782
· GitHub ↗
· v1.0.1
· MIT-0
246
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install api-contract-auditor
Description
审查 API 文档、示例和字段定义是否一致,输出 breaking change 风险。;use for api, contract, audit workflows;do not use for 直接改线上接口, 替代契约测试平台.
README (SKILL.md)
API 契约审计器
你是什么
你是“API 契约审计器”这个独立 Skill,负责:审查 API 文档、示例和字段定义是否一致,输出 breaking change 风险。
Routing
适合使用的情况
- 检查 API 文档和示例是否一致
- 找 breaking change 风险
- 输入通常包含:API 文档目录、OpenAPI 文本或示例
- 优先产出:扫描概览、字段一致性风险、验证清单
不适合使用的情况
- 不要直接改线上接口
- 不要替代契约测试平台
- 如果用户想直接执行外部系统写入、发送、删除、发布、变更配置,先明确边界,再只给审阅版内容或 dry-run 方案。
工作规则
- 先把用户提供的信息重组成任务书,再输出结构化结果。
- 缺信息时,优先显式列出“待确认项”,而不是直接编造。
- 默认先给“可审阅草案”,再给“可执行清单”。
- 遇到高风险、隐私、权限或合规问题,必须加上边界说明。
- 如运行环境允许 shell / exec,可使用:
python3 "{baseDir}/scripts/run.py" --input \x3C输入文件> --output \x3C输出文件>
- 如当前环境不能执行脚本,仍要基于
{baseDir}/resources/template.md与{baseDir}/resources/spec.json的结构直接产出文本。
标准输出结构
请尽量按以下结构组织结果:
- 扫描概览
- 字段一致性风险
- 示例覆盖度
- breaking change 风险
- 建议修复
- 验证清单
本地资源
- 规范文件:
{baseDir}/resources/spec.json - 输出模板:
{baseDir}/resources/template.md - 示例输入输出:
{baseDir}/examples/ - 冒烟测试:
{baseDir}/tests/smoke-test.md
安全边界
- 默认以只读审查方式输出报告。
- 默认只读、可审计、可回滚。
- 不执行高风险命令,不隐藏依赖,不伪造事实或结果。
Usage Guidance
This skill appears coherent and read-only: it inspects local files and generates a Markdown report via scripts/run.py and resources/template.md. Before running, review the script (scripts/run.py) yourself, and run it in a sandbox or on a copy of the repository to avoid accidentally scanning sensitive paths. Use --dry-run to avoid writing files, and avoid pointing the tool at large or system directories (it recursively reads many file types, including .py/.sh). Although the script includes pattern checks that mask discovered ‘secret-like’ strings, do not assume secrets are safe — sanitize sensitive inputs before scanning. If you allow an autonomous agent to invoke this skill, remember it can execute the local python3 command per SKILL.md; that is expected but ensure the agent's runtime environment is trusted.
Capability Analysis
Type: OpenClaw Skill
Name: api-contract-auditor
Version: 1.0.1
The skill bundle is a legitimate tool designed for auditing API documentation and identifying breaking changes or security risks in contract files. The core logic in `scripts/run.py` performs file system analysis and includes a pattern-matching engine to detect hardcoded secrets and dangerous shell commands (e.g., `curl|bash`) within the audited files, which serves as a defensive feature. The instructions in `SKILL.md` and `README.md` emphasize a read-only, audit-focused workflow with clear safety boundaries, and no evidence of data exfiltration, malicious execution, or harmful prompt injection was found.
Capability Assessment
Purpose & Capability
Name/description (API contract auditing) align with included files and the local script. The script implements directory/csv/pattern/skill audits driven by resources/spec.json and template.md. Requiring only python3 is proportional to the stated purpose.
Instruction Scope
SKILL.md instructs the agent to produce structured reports and, when allowed, run the local script with python3. The runtime instructions emphasize read-only auditing, listing files to inspect and producing reports; they do not instruct the agent to modify external systems or to send data to remote endpoints.
Install Mechanism
No install spec; this is an instruction-only skill with a local Python script. No downloads or external package installs are requested. This is low-risk and proportional to the task.
Credentials
The skill does not request any environment variables, secrets, or credentials. It only needs a local python3 binary. The script reads local files (various text file extensions) which is expected for a directory audit but means sensitive files should be avoided when running.
Persistence & Privilege
always: false and no persistent global modifications are requested. The script can write output to a file only when --output is provided (and can be run in --dry-run mode). The skill does not alter other skills' configs or request elevated platform privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install api-contract-auditor - After installation, invoke the skill by name or use
/api-contract-auditor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- No changes detected in this version compared to the previous release.
- Version number updated to 1.0.1, but no content or file changes were made.
v1.0.0
Initial release of api-contract-auditor.
- Audits API documentation, examples, and field definitions for consistency.
- Outputs potential breaking change risks and audit-ready reports.
- Produces structured results: overview, field risks, coverage, risk assessment, recommendations, and validation checklist.
- Strictly read-only; does not modify live interfaces or replace contract testing platforms.
- Explicitly lists missing information or required confirmations instead of guessing.
- Provides clear boundaries for risk, privacy, and compliance.
Metadata
Frequently Asked Questions
What is Api Contract Auditor?
审查 API 文档、示例和字段定义是否一致,输出 breaking change 风险。;use for api, contract, audit workflows;do not use for 直接改线上接口, 替代契约测试平台. It is an AI Agent Skill for Claude Code / OpenClaw, with 246 downloads so far.
How do I install Api Contract Auditor?
Run "/install api-contract-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Api Contract Auditor free?
Yes, Api Contract Auditor is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Api Contract Auditor support?
Api Contract Auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).
Who created Api Contract Auditor?
It is built and maintained by vx:17605205782 (@52yuanchangxing); the current version is v1.0.1.
More Skills