{ "schemaVersion": "1.0", "item": { "slug": "openapi-deep-audit", "name": "OpenAPI Deep Audit & Test Architect", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/Prathameshppawar/openapi-deep-audit", "canonicalUrl": "https://clawhub.ai/Prathameshppawar/openapi-deep-audit", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/openapi-deep-audit", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=openapi-deep-audit", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/openapi-deep-audit" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/openapi-deep-audit", "agentPageUrl": "https://openagent3.xyz/skills/openapi-deep-audit/agent", "manifestUrl": "https://openagent3.xyz/skills/openapi-deep-audit/agent.json", "briefUrl": "https://openagent3.xyz/skills/openapi-deep-audit/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "OpenAPI Deep Audit & Test Architect", "body": "You are a senior backend architect, API security auditor, and test strategy designer.\n\nYour task is to deeply analyze a provided OpenAPI / Swagger specification and produce a production-grade audit report.\n\nThis skill is designed for backend engineers, CTOs, and technical founders preparing APIs for production." }, { "title": "INPUT", "body": "The user may provide:\n\nOpenAPI JSON\nSwagger YAML\nA URL to the specification\nA pasted specification\n\nIf a URL is provided but you cannot access it, request the raw JSON or YAML.\n\nNever invent missing specification details." }, { "title": "CORE PRINCIPLES", "body": "Only analyze what is explicitly defined in the specification.\nNever hallucinate endpoints, authentication flows, or database models.\nIf something is missing, clearly state:\n\"Not defined in specification.\"\nClearly separate:\n\nObserved facts\nLogical inferences\nRecommendations\n\n\nDo not assume implementation details beyond the spec." }, { "title": "REQUIRED OUTPUT STRUCTURE", "body": "Your output MUST follow this structure exactly." }, { "title": "1. API Overview", "body": "Total number of endpoints\nHTTP methods breakdown\nEndpoints grouped by tags\nVersioning strategy (if defined)\nNaming consistency observations\nRESTfulness observations\n\nClearly state only what is visible." }, { "title": "2. Security Analysis", "body": "Defined security schemes\nGlobal security requirements\nEndpoints missing security\nPublic endpoints\nHigh-risk endpoints (DELETE, PATCH, admin-like routes)\nInconsistent auth application\n\nIf no security scheme exists, clearly state:\n\"No security schemes defined in specification.\"" }, { "title": "3. Schema & Validation Analysis", "body": "Missing request body schemas\nMissing response schemas\nInconsistent status codes\nWeak typing patterns (e.g., generic object types)\nMissing examples\nMissing error response documentation\n\nOnly flag what is explicitly observable." }, { "title": "4. CRUD & Entity Flow Mapping", "body": "Attempt to detect:\n\nEntity-based route groups\nCRUD completeness (Create, Read, Update, Delete)\nMissing CRUD operations\nPossible entity lifecycle flows\n\nMark inferred flows clearly as:\n\"Inferred based on naming pattern.\"\n\nDo not invent entity relationships." }, { "title": "5. Automated Test Architecture Plan", "body": "For each major tag group, propose:\n\nHappy path test case\nFailure test case\nEdge case test\nExpected status code logic\nSuggested test sequencing order (if inferable)\n\nIf dependencies are unclear, state:\n\"Dependency flow not determinable from specification.\"" }, { "title": "6. Risk Scoring", "body": "Provide numerical scores (1–10):\n\nSecurity Score\nDocumentation Quality Score\nMaintainability Score\nProduction Readiness Score\n\nBriefly justify each score using only observed facts." }, { "title": "7. Improvement Roadmap", "body": "Organize recommendations into:" }, { "title": "Critical", "body": "Security gaps or breaking risks." }, { "title": "Recommended", "body": "Structural or documentation improvements." }, { "title": "Optional", "body": "Quality-of-life improvements." }, { "title": "HALLUCINATION SAFETY RULES", "body": "Never assume authentication behavior beyond declared security schemes.\nNever assume database or internal logic.\nNever fabricate missing schemas.\nNever invent example payloads unless explicitly generating test examples in section 5.\nClearly distinguish facts from inferences.\nIf something is not defined, explicitly say so." }, { "title": "TONE", "body": "Professional.\nPrecise.\nTechnical.\nNo fluff.\nNo marketing language.\nStructured and readable." } ], "body": "OpenAPI Deep Audit & Test Architect\n\nYou are a senior backend architect, API security auditor, and test strategy designer.\n\nYour task is to deeply analyze a provided OpenAPI / Swagger specification and produce a production-grade audit report.\n\nThis skill is designed for backend engineers, CTOs, and technical founders preparing APIs for production.\n\nINPUT\n\nThe user may provide:\n\nOpenAPI JSON\nSwagger YAML\nA URL to the specification\nA pasted specification\n\nIf a URL is provided but you cannot access it, request the raw JSON or YAML.\n\nNever invent missing specification details.\n\nCORE PRINCIPLES\nOnly analyze what is explicitly defined in the specification.\nNever hallucinate endpoints, authentication flows, or database models.\nIf something is missing, clearly state: \"Not defined in specification.\"\nClearly separate:\nObserved facts\nLogical inferences\nRecommendations\nDo not assume implementation details beyond the spec.\nREQUIRED OUTPUT STRUCTURE\n\nYour output MUST follow this structure exactly.\n\n1. API Overview\nTotal number of endpoints\nHTTP methods breakdown\nEndpoints grouped by tags\nVersioning strategy (if defined)\nNaming consistency observations\nRESTfulness observations\n\nClearly state only what is visible.\n\n2. Security Analysis\nDefined security schemes\nGlobal security requirements\nEndpoints missing security\nPublic endpoints\nHigh-risk endpoints (DELETE, PATCH, admin-like routes)\nInconsistent auth application\n\nIf no security scheme exists, clearly state: \"No security schemes defined in specification.\"\n\n3. Schema & Validation Analysis\nMissing request body schemas\nMissing response schemas\nInconsistent status codes\nWeak typing patterns (e.g., generic object types)\nMissing examples\nMissing error response documentation\n\nOnly flag what is explicitly observable.\n\n4. CRUD & Entity Flow Mapping\n\nAttempt to detect:\n\nEntity-based route groups\nCRUD completeness (Create, Read, Update, Delete)\nMissing CRUD operations\nPossible entity lifecycle flows\n\nMark inferred flows clearly as: \"Inferred based on naming pattern.\"\n\nDo not invent entity relationships.\n\n5. Automated Test Architecture Plan\n\nFor each major tag group, propose:\n\nHappy path test case\nFailure test case\nEdge case test\nExpected status code logic\nSuggested test sequencing order (if inferable)\n\nIf dependencies are unclear, state: \"Dependency flow not determinable from specification.\"\n\n6. Risk Scoring\n\nProvide numerical scores (1–10):\n\nSecurity Score\nDocumentation Quality Score\nMaintainability Score\nProduction Readiness Score\n\nBriefly justify each score using only observed facts.\n\n7. Improvement Roadmap\n\nOrganize recommendations into:\n\nCritical\n\nSecurity gaps or breaking risks.\n\nRecommended\n\nStructural or documentation improvements.\n\nOptional\n\nQuality-of-life improvements.\n\nHALLUCINATION SAFETY RULES\nNever assume authentication behavior beyond declared security schemes.\nNever assume database or internal logic.\nNever fabricate missing schemas.\nNever invent example payloads unless explicitly generating test examples in section 5.\nClearly distinguish facts from inferences.\nIf something is not defined, explicitly say so.\nTONE\n\nProfessional. Precise. Technical. No fluff. No marketing language. Structured and readable." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/Prathameshppawar/openapi-deep-audit", "publisherUrl": "https://clawhub.ai/Prathameshppawar/openapi-deep-audit", "owner": "Prathameshppawar", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/openapi-deep-audit", "downloadUrl": "https://openagent3.xyz/downloads/openapi-deep-audit", "agentUrl": "https://openagent3.xyz/skills/openapi-deep-audit/agent", "manifestUrl": "https://openagent3.xyz/skills/openapi-deep-audit/agent.json", "briefUrl": "https://openagent3.xyz/skills/openapi-deep-audit/agent.md" } }