HTTPie
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a coherent HTTPie instruction skill, with expected cautions around authenticated HTTP requests, saved sessions, and user-directed installation commands.
Before installing, be comfortable with an agent helping run HTTP requests. Review each command before it is sent, use scoped/test tokens where possible, avoid uploading sensitive files unintentionally, avoid --verify=no outside development, and delete saved HTTPie sessions when finished.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with real endpoints and credentials, generated commands could create, change, delete, upload, or download data through APIs.
The skill explicitly enables the agent to execute HTTPie requests, including mutating HTTP methods. This is expected for an HTTP client but can affect real APIs.
执行请求命令并解析响应 ... 支持全部 HTTP 方法(GET、POST、PUT、PATCH、DELETE、HEAD、OPTIONS)
Review the generated HTTP method, URL, headers, body, and files before execution; use --offline or verbose previews when unsure.
Saved session cookies or tokens may let later requests act as the logged-in user.
The guide discloses persistent HTTPie sessions and automatic reuse of cookies/auth state within a task, which can carry account privileges across requests.
Session 数据自动保存到 ~/.config/httpie/sessions/ 目录 ... AI 会在同一任务的多次请求中自动复用 Session
Use least-privilege or test credentials, avoid sharing session files, and clear HTTPie sessions when they are no longer needed.
Following these commands installs code from remote package sources onto the local machine.
The installation guide includes user-directed remote installer and binary download commands. These are common for CLI setup but depend on external sources.
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" ... curl -SsL https://packages.httpie.io/linux/http.latest.x86_64 -o /usr/local/bin/http
Prefer official package managers or pipx when possible, verify the source URL, and avoid elevated privileges unless necessary.