Curl Http
Pass
Audited by ClawScan on May 1, 2026.
Overview
This is a coherent curl command reference; it includes expected examples for HTTP requests, file transfers, and authentication that users should review before using with real systems.
This skill appears benign and consistent with a curl reference. Before installing or invoking it, remember that curl can contact arbitrary URLs, upload local files, download files, use credentials, and change remote resources through POST, PUT, PATCH, or DELETE requests. Confirm any real endpoint, file path, and credential use before running commands.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent or user runs these examples against real endpoints, they could modify or delete remote data or transfer local files.
The skill documents curl commands that can delete remote API resources or upload local files. These are normal curl capabilities and align with the stated purpose, but they are high-impact if used against real services without user confirmation.
curl -X DELETE https://api.example.com/users/1
curl -T file.txt https://example.com/upload
Use these commands only with user-provided URLs and explicit approval for uploads, PUT/PATCH/POST, or DELETE actions.
Using real credentials directly in commands can expose them through shell history, process listings, logs, or shared transcripts.
The skill includes examples for basic authentication, bearer tokens, and API keys. This is expected for HTTP/API testing, but real credentials should be handled carefully.
curl -u username:password https://api.example.com
curl -H "Authorization: Bearer YOUR_TOKEN" \
  https://api.example.com
curl "https://api.example.com?api_key=your_key"
Prefer scoped test credentials, avoid putting secrets in URLs, and use secret-management or environment-variable patterns when possible.
