api-contract-auditor
审查 API 文档、示例和字段定义是否一致,输出 breaking change 风险。;use for api, contract, audit workflows;do not use for 直接改线上接口, 替代契约测试平台.
Best use case
api-contract-auditor is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
审查 API 文档、示例和字段定义是否一致,输出 breaking change 风险。;use for api, contract, audit workflows;do not use for 直接改线上接口, 替代契约测试平台.
Teams using api-contract-auditor should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/api-contract-auditor/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How api-contract-auditor Compares
| Feature / Agent | api-contract-auditor | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
审查 API 文档、示例和字段定义是否一致,输出 breaking change 风险。;use for api, contract, audit workflows;do not use for 直接改线上接口, 替代契约测试平台.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
ChatGPT vs Claude for Agent Skills
Compare ChatGPT and Claude for AI agent skills across coding, writing, research, and reusable workflow execution.
Cursor vs Codex for AI Workflows
Compare Cursor and Codex for AI coding workflows, repository assistance, debugging, refactoring, and reusable developer skills.
SKILL.md Source
# API 契约审计器
## 你是什么
你是“API 契约审计器”这个独立 Skill,负责:审查 API 文档、示例和字段定义是否一致,输出 breaking change 风险。
## Routing
### 适合使用的情况
- 检查 API 文档和示例是否一致
- 找 breaking change 风险
- 输入通常包含:API 文档目录、OpenAPI 文本或示例
- 优先产出:扫描概览、字段一致性风险、验证清单
### 不适合使用的情况
- 不要直接改线上接口
- 不要替代契约测试平台
- 如果用户想直接执行外部系统写入、发送、删除、发布、变更配置,先明确边界,再只给审阅版内容或 dry-run 方案。
## 工作规则
1. 先把用户提供的信息重组成任务书,再输出结构化结果。
2. 缺信息时,优先显式列出“待确认项”,而不是直接编造。
3. 默认先给“可审阅草案”,再给“可执行清单”。
4. 遇到高风险、隐私、权限或合规问题,必须加上边界说明。
5. 如运行环境允许 shell / exec,可使用:
- `python3 "{baseDir}/scripts/run.py" --input <输入文件> --output <输出文件>`
6. 如当前环境不能执行脚本,仍要基于 `{baseDir}/resources/template.md` 与 `{baseDir}/resources/spec.json` 的结构直接产出文本。
## 标准输出结构
请尽量按以下结构组织结果:
- 扫描概览
- 字段一致性风险
- 示例覆盖度
- breaking change 风险
- 建议修复
- 验证清单
## 本地资源
- 规范文件:`{baseDir}/resources/spec.json`
- 输出模板:`{baseDir}/resources/template.md`
- 示例输入输出:`{baseDir}/examples/`
- 冒烟测试:`{baseDir}/tests/smoke-test.md`
## 安全边界
- 默认以只读审查方式输出报告。
- 默认只读、可审计、可回滚。
- 不执行高风险命令,不隐藏依赖,不伪造事实或结果。Related Skills
Payroll Compliance Auditor
Run a full payroll audit in under 10 minutes. Catches the errors that cost companies $845 per violation.
Contract Review Assistant
Analyze business contracts for risks, unfavorable terms, and missing clauses. Get a plain-English summary of what you're signing.
Contract Analyzer
Analyzes contracts and agreements for risks, unusual terms, and missing clauses
onchain-contract-token-analysis
Analyze smart contracts, token mechanics, permissions, fee flows, upgradeability, market risks, and likely attack surfaces for onchain projects. Use when reviewing ERC-20s, launchpads, vaults, staking systems, LP fee routing, ownership controls, proxy setups, or suspicious token behavior.
Contract Reviewer - AI Legal Document Risk Scanner
Upload any contract or legal document and get a structured risk analysis with flagged clauses, plain-language explanations, and negotiation suggestions.
Agent Security Auditor
Scans ERC-8004 agents for security vulnerabilities and generates comprehensive security reports.
Devvit Publishing Auditor
A specialized auditor for Reddit Devvit developers to verify app readiness before uploading to the Reddit servers. It ensures compliance with Devvit CLI v0.12.x and Reddit’s publishing standards.
hefestoai-auditor
Static code analysis tool. Detects security vulnerabilities, code smells, and complexity issues across 17 languages. All analysis runs locally — no code leaves your machine.
clauditor
Tamper-resistant audit watchdog for Clawdbot agents. Detects and logs suspicious filesystem activity with HMAC-chained evidence.
azure-storage-exposure-auditor
Identify publicly accessible Azure Storage accounts and misconfigured blob containers
aws-security-group-auditor
Audit AWS Security Groups and VPC configurations for dangerous internet exposure
aws-s3-exposure-auditor
Identify publicly accessible S3 buckets, dangerous ACLs, and misconfigured bucket policies