⚠️Install with caution. This skill has very few installs. Always review the source and verify it on clawhub.ai before installing. Community-built skills run with agent permissions — only install ones you trust.

📐 API & Code Quality

Protocol Doc Auditorv1.0.0

Name: Protocol Doc Auditor
Author: andyxinweiminicloud

protocol-doc-auditor

andyxinweiminicloud

Helps detect hidden attacks in API and protocol documentation. Scans integration guides for dangerous instructions like curl|bash, credential harvesting, and...

api-integrationdocument-processing

Download Package View on ClawHub

Installs (all time)

Installs (current)

Downloads

605

Stars

CreatedFeb 22, 2026

UpdatedFeb 25, 2026

Install & Quick Start

Install via ClawdBot CLI:

clawdbot install andyxinweiminicloud/protocol-doc-auditor

Skill Package2 files

📋SKILL.mdmarkdown

Failed to load file.

Quality Score

B52/100

Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.

Market Validation7/35

· 605 downloads (moderate demand)
· No tracked installs (may still have real users via manual install)

Documentation20/25

· SKILL.md present
· Detailed documentation (≥3000 chars)
· Contains usage examples or trigger description
· Detailed summary

Package Completeness6/15

· skillAssets present (1 files)

Security Analysis

🔴 High Risk

CREDENTIAL_ACCESShigh

Accesses sensitive credential files or environment variables

~/.ssh/id_rsa

UNKNOWN_DATA_SINKhigh

Sends data to undocumented external endpoint (potential exfiltration)

POST → https://agentconnect.io/register

UNSAFE_SHELLmedium

Potentially destructive shell commands in tool definitions

curl | bash

UNDOCUMENTED_EXTERNALlow

Calls external URL not in known-safe list

https://agentconnect.io/register

💡

Usage Guide

Generated Mar 21, 2026

API developersSecurity analystsDevOps engineersbeginner

💡 Application Scenarios

FinTech API IntegrationFinancial Services

A financial technology company is integrating a new payment gateway API. The documentation includes instructions to run a curl command that pipes output to bash for SDK installation, potentially exposing sensitive financial data or executing malicious code. This auditor would flag such risks before deployment, preventing data breaches or unauthorized access.

Healthcare Data Protocol SetupHealthcare

A healthcare provider adopts a new protocol for sharing patient data between systems. The integration guide asks for API keys to be placed in URL parameters during setup, risking exposure in logs. The auditor detects this credential leakage, ensuring compliance with HIPAA and protecting patient privacy.

IoT Device ConfigurationTechnology/Internet of Things

An IoT manufacturer provides documentation for configuring smart devices via a cloud service. The steps include OAuth flows that permanently bind device identities without revocation options, creating vendor lock-in. The auditor identifies this irrevocable binding, allowing users to seek alternatives or negotiate terms.

Open Source Project ContributionSoftware Development

A developer contributes to an open-source project that requires running setup scripts from its documentation. The instructions use wget with sudo to install dependencies, risking privilege escalation. The auditor flags this, prompting a review to prevent system compromise during contribution.

Enterprise Cloud MigrationEnterprise IT

A large enterprise migrates services to a new cloud platform, following vendor-provided integration guides. The docs include steps to send telemetry data to third-party endpoints without clear disclosure, potentially leaking internal metrics. The auditor catches this data leak setup, ensuring transparency and security.

💼 Business Models

SaaS SubscriptionRecurring subscription fees

Offer the auditor as a cloud-based service with tiered subscriptions (e.g., free for basic scans, paid for advanced features like API integration and team collaboration). Revenue comes from monthly or annual fees per user or organization, targeting businesses that regularly integrate new APIs.

Enterprise LicensingOne-time license fees and maintenance renewals

Sell perpetual or annual licenses to large enterprises for on-premises deployment or high-volume usage. Include custom support, training, and integration with existing security tools. Revenue is generated through upfront license sales and ongoing maintenance contracts.

Freemium with Premium Add-onsIn-app purchases and upgrade fees

Provide a free version for individual developers to scan documentation manually, with premium add-ons like automated CI/CD integration, detailed reporting, and priority support. Revenue streams from upsells to teams and organizations needing scalable solutions.

💬 Integration Tip

Integrate this auditor into CI/CD pipelines to automatically scan documentation changes before deployment, ensuring security checks are part of the development workflow.