APITester Agent-Driven API Testing

Name: openclaw-api-tester
Author: theshadowrose

View on ClawHub↗

Share on X Share on LinkedIn Share on Bluesky

100Critical

The API tester skill is vulnerable to

ThreatsCI SM CS BC S HITL

Behavior Analysis

Mismatch detected — The skill claims tests can be defined in 'plain English', but the provided usage examples show a structured YAML format, which is not 'plain English'.

Claims to do

APITester Agent-Driven API Testing: Test API endpoints and document responses. Define tests in plain English, run them, get formatted results. Agent-driven Postman alternative.

Actually does

This skill processes YAML-defined API tests, executing HTTP requests (GET, POST) to specified URLs (e.g., `https://api.example.com/users`). It evaluates responses against defined expectations (status codes, body content) and generates formatted test results, potentially including reports in HTML, JSON, or Markdown. It processes and stores data locally and does not transmit data externally unless configured by the user.

Threat Analysis

AI Agent Traps ↗Scanned 4/16/2026

Content InjectionPerception1 finding

Semantic ManipulationReasoning1 finding

Cognitive StateMemory & Learningclean

Behavioural ControlActionclean

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Nametheshadowrose/openclaw-api-tester

Registryclawhub

Version1.0.0

PURLpkg:clawhub/theshadowrose/openclaw-api-tester@1.0.0

Downloads1,005

Installs12

Source

Repository ↗

SHA-256c91d8116496a...

SHA-1991cf0754d72...

MD5e291323371bc...

TLSHf771e827e641...

Size3,730 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

OpenClawDocs

https://clawhub.ai/theshadowrose/openclaw-api-tester

1,005 downloads12 installs

ClawHubDocs

openclaw skills install theshadowrose/openclaw-api-tester

Assessments (2)

AI Agent Traps ↗

Prompt Injection Detectedcriticalprompt injection

DeBERTa classifier detected prompt injection (confidence: 0.99)

99% confidence

Description Mismatchlowdescription mismatch

The skill claims tests can be defined in 'plain English', but the provided usage examples show a structured YAML format, which is not 'plain English'.

85% confidence

Stated purpose: 'Define tests in plain English'. Usage section shows 'YAML test definitions'.

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/theshadowrose/openclaw-api-tester.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/theshadowrose/openclaw-api-tester)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/theshadowrose/openclaw-api-tester"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/theshadowrose/openclaw-api-tester.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/theshadowrose/openclaw-api-tester.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow