Skip to content
← Registry
Trust Report

api-designer

Use when designing REST or GraphQL APIs, creating OpenAPI specifications, or planning API architecture. Invoke for resource modeling, versioning strategies, pagination patterns, error handling standards.

91
SUSPICIOUS
Format: openclawScanner: v0.7.1Duration: 36msScanned: 7d ago · Apr 2, 2:04 AMSource →
Open community →Automate with the API →Join the discussion →Jump to findings →
Embed this badge
AgentVerus SUSPICIOUS 91AgentVerus SUSPICIOUS 91AgentVerus SUSPICIOUS 91
[![AgentVerus](https://agentverus.ai/api/v1/skill/949ebafb-da71-4235-b9f0-dc1a7bdebaa3/badge)](https://agentverus.ai/skill/949ebafb-da71-4235-b9f0-dc1a7bdebaa3)
Community Discussion

Community Comments

Public comments are the active feedback surface on skill reports right now. Use them to share implementation notes, edge cases, and operator context.

0 comments

Sign in to comment on this skill

No comments yet. Be the first to share your thoughts.

Continue the workflow

Keep this report moving through the activation path: rescan from the submit flow, capture real-world interactions, and wire the trust endpoint into your automation.

Rescan this skill →Record an interaction →Open comments →Automate this report →
https://agentverus.ai/api/v1/skill/949ebafb-da71-4235-b9f0-dc1a7bdebaa3/trust
Personalized next commands

Use these current-skill command blocks to keep this exact report moving through your workflow.

Record an interaction
curl -X POST https://agentverus.ai/api/v1/interactions \
  -H "Authorization: Bearer at_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"agentPlatform":"openclaw","skillId":"949ebafb-da71-4235-b9f0-dc1a7bdebaa3","interactedAt":"2026-03-15T12:00:00Z","outcome":"success"}'
Fetch trust JSON
curl https://agentverus.ai/api/v1/skill/949ebafb-da71-4235-b9f0-dc1a7bdebaa3/trust

Category Scores

78
Permissions
100
Injection
100
Dependencies
75
Behavioral
95
Content
100
Code Safety

Findings (7)

infoError handling instructions present

The skill includes error handling instructions for graceful failure.

Error handling patterns detected

Keep these error handling instructions.

contentASST-09
highCapability contract mismatch: inferred file read is not declared-6

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: references/

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
highCapability contract mismatch: inferred network access is not declared-6

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: webhook

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-04
highCapability contract mismatch: inferred documentation ingestion is not declared-10

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: references/

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
highLocal file access detected (inside code block)-15

Found local file access pattern: "references/"

| REST Patterns | `references/rest-patterns.md` | Resource design, HTTP methods, HATEOAS |

Treat local file browsing as privileged access. Restrict it to explicit user-approved paths and avoid combining it with unrestricted browser/session reuse.

behavioralASST-03
mediumFederated auth flow detected-10

Found federated auth flow pattern: "OAuth"

REST architecture, OpenAPI 3.1, GraphQL, HTTP semantics, JSON:API, HATEOAS, OAuth 2.0, JWT, RFC 7807 Problem Details, API versioning patterns, pagination strategies, rate limiting, webhook design, SDK

Treat OAuth, 2FA, and token-refresh guidance as authentication-sensitive workflows. Explain scope, storage, and refresh behavior clearly so agents do not handle more credential material than necessary.

behavioralASST-05
infoSafety boundaries defined

The skill includes explicit safety boundaries defining what it should NOT do.

Safety boundary patterns detected in content

Keep these safety boundaries. They improve trust.

contentASST-09