ClawHub

Http Client

v2.0.3

Reference tool for devtools — covers intro, quickstart, patterns and more. Quick lookup for HTTP Client concepts, best practices, and implementation patterns.

0· 273·3 current·3 all-time
by@bytesagain1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill is described as a read-only reference for HTTP client topics and the provided shell script and SKILL.md implement that behavior. Minor inconsistencies: package metadata/version (2.0.3) vs the script's VERSION variable (2.0.2), and the quickstart text mentions "Required tools and access credentials" which conflicts with the header's statement "No API keys or credentials required." These appear to be documentation minor errors rather than functional mismatches.
Instruction Scope
SKILL.md instructs the agent to provide plain-text reference outputs (heredocs). The included script only prints static documentation and does not read files, environment variables, or network resources. No instructions request broader system context or data exfiltration.
Install Mechanism
There is no install spec; this is effectively an instruction-only/reference skill with a helper script. Nothing is downloaded or written to disk by an installer. The presence of a script is expected and its content is static and benign.
Credentials
The skill declares no required environment variables, credentials, or config paths and the runtime script does not access environment variables or secrets. This aligns with the stated purpose.
Persistence & Privilege
always is false and the skill does not request persistent system modifications or cross-skill configuration changes. Autonomous invocation is allowed by default but there are no additional privileges requested.
Assessment
This skill appears to be a straightforward, read-only reference tool. Before installing, note two small documentation issues: the script's internal VERSION (2.0.2) differs from the registry version (2.0.3), and the quickstart text mentions "access credentials" despite the header saying "No API keys or credentials required." These look like doc/version mismatches rather than malicious behavior. If you want extra caution: (1) review scripts/script.sh locally (it's small and static), (2) run it in a sandbox or isolated environment if you plan to execute it, and (3) contact the maintainer if you need the version/documentation clarified. No credentials or network access are required by the skill itself.

Like a lobster shell, security has layers — review code before you run it.

latestvk974t452xhpd968gjjt0f6fpb983gz61

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments