swagger-skill

智能 Swagger API 查询和调用工具。通过自然语言指令直接查询接口详情、调用 API，无需繁琐的交互步骤。

What to consider before installing/using this skill: - It is coherent with its description: it loads a Swagger/OpenAPI document and issues HTTP requests to the APIs it finds. The required node runtime and axios/form-data deps match that purpose. - The skill auto-installs npm dependencies by running npm init and npm install in the skill folder the first time it runs. That will write files and fetch packages from the npm registry — run it in a controlled environment (sandbox/container) if you are concerned about additional code being installed. - The skill will perform arbitrary HTTP requests to URLs you provide — this is necessary to call APIs but can be abused to reach internal endpoints (SSRF-like exposure). Do NOT supply sensitive machine credentials or environment tokens (e.g., cloud metadata tokens, admin credentials) to the skill unless you fully trust the runtime and the target API. - You may want to inspect the full index.js (the uploaded snippet shows a truncated upload function) to ensure there are no unexpected behaviors or logging/exfiltration paths before running it with real credentials. - If you want to reduce risk: run the skill in an isolated container, avoid pasting production secrets into the CLI, and prefer calling it against known external Swagger endpoints rather than internal network addresses. If you want, I can: (1) review the remaining/truncated portion of index.js for any networking or file I/O not yet shown, (2) list the exact npm commands it will run, or (3) suggest a hardened execution checklist for running this skill safely.

Type: OpenClaw Skill Name: swagger-skill Version: 1.0.1 The skill is classified as suspicious due to its inherent risky capabilities, which could be exploited by a malicious agent prompt. Specifically, the `uploadFile` function in `index.js` allows reading arbitrary local files (e.g., sensitive configuration or credential files) from the filesystem via `fs.createReadStream` for upload. While this is an intended feature for file uploads, it provides a powerful primitive for data exfiltration if the agent is instructed to read sensitive paths and send them to an attacker-controlled endpoint. Additionally, the skill uses `child_process.execSync` for dependency installation in `index.js`, which, while not directly vulnerable to user input in this context, is a risky primitive. The core functionality of making arbitrary network requests to user-specified URLs (`fetchSwaggerSpec`, `callAPI`) also presents a risk for SSRF or data exfiltration if abused by an agent.