Back to skill

Security audit

Httpie

Security checks across malware telemetry and agentic risk

Overview

This HTTPie skill is mostly a coherent command-line API testing guide, but it gives agents broad permission to install software, run live network requests, persist sessions, and handle credentials without enough user-control or safety guidance.

Install only if you are comfortable with an agent helping run HTTPie commands. Require confirmation before package installs, curl/bash bootstrap commands, live requests, credential-bearing requests, uploads, downloads, proxy changes, TLS verification changes, or session reuse. Use environment variables or prompts for real secrets, avoid verbose logs with tokens, inspect session files, and clear saved sessions when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (18)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly promotes authenticated requests, persistent sessions/cookies, verbose debugging, and saving remote responses to local files, but it provides no safety guidance about exposing credentials in shell history, persisting session state on disk, leaking tokens in verbose output, or overwriting files during downloads. In an agent skill context, these omissions can lead users or automation to handle secrets and untrusted remote content unsafely even though the examples are framed as normal usage.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide explicitly tells an AI it 'can directly execute' package installation commands such as `brew install`, `pip install`, and later uninstall commands, but it does not require prior user confirmation or warn that these actions modify the local system. In an agent setting, this can lead to unauthorized package changes, PATH changes, or dependency installation on the user's machine.

Missing User Warnings

High
Confidence
98% confidence
Finding
The Homebrew bootstrap step uses `curl ... | bash`, a classic network-fetch-and-execute pattern that downloads and immediately runs remote code without any warning, integrity verification, or confirmation step. In an agent workflow this is especially risky because it enables execution of attacker-controlled or tampered remote installer content on the host.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The guide instructs the AI to send an outbound HTTP request to `https://httpie.io/hello` as a test, but it does not disclose that a network connection will be made or obtain approval. Even though the destination appears benign, agent-driven network activity can leak metadata such as IP address, environment timing, and usage patterns.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide includes hard-coded example secrets and credentials such as `abc123`, `admin:secret123`, bearer tokens, and a GitHub-style `ghp_` token without an explicit warning not to reuse real credentials. Readers or downstream agents may copy these patterns directly, normalize embedding secrets in commands, or expose them in shell history, logs, screenshots, and verbose output.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The text explicitly tells an AI to directly execute network requests and return responses, but it does not warn that request contents, headers, tokens, or user-supplied data may be transmitted to external services. In an agent setting, this can cause unintended exfiltration of sensitive data or trigger requests to untrusted endpoints without informed user consent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The session examples show logging in with inline credentials and explicitly note that session state is persisted on disk, but they do not warn that cookies, tokens, and other authentication artifacts may be stored in plaintext-readable files or exposed through shell history. In a tooling guide, this can lead users to reuse the pattern with real credentials and unintentionally leak persistent auth material.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The upload and download examples demonstrate sending local files to remote endpoints and writing remote content to local disk without any caution about data exposure, overwriting files, or handling untrusted content. Users following these examples may unintentionally exfiltrate sensitive local files or save malicious content from remote services.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The proxy section shows command-line and environment-variable proxy configuration but omits that all request URLs, headers, cookies, and potentially credentials may transit the proxy. This is especially risky because exported proxy environment variables can affect later commands beyond the immediate example and broaden unintended data exposure.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The CA bundle and mTLS examples reference certificate and private-key files without warning that these files are sensitive credentials whose disclosure can enable impersonation or unauthorized access. In particular, client private keys should never be casually copied, committed, or stored with weak permissions.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The troubleshooting guide recommends disabling TLS certificate verification with `http --verify=no`, which weakens transport security and can expose users to man-in-the-middle attacks if copied into real workflows. Although it is labeled for development/testing, the example does not clearly warn that this must not be used for production or untrusted networks.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The authentication examples place usernames, passwords, and tokens directly on the command line and in environment variables, which can leak via shell history, process listings, terminal logs, CI logs, or copied session files. This is especially risky in a troubleshooting document because users are likely to paste commands verbatim while debugging production access issues.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# 添加自定义请求头(使用 : 语法)
http https://api.example.com/users "X-API-Key: abc123" "Accept: application/json"

# 发送带认证头的 POST 请求
http POST https://api.example.com/data \
Confidence
90% confidence
Finding
https://api.example.com/

External Transmission

Medium
Category
Data Exfiltration
Content
http https://api.example.com/users "X-API-Key: abc123" "Accept: application/json"

# 发送带认证头的 POST 请求
http POST https://api.example.com/data \
    "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9..." \
    "Content-Type: application/json" \
    name="测试"
Confidence
92% confidence
Finding
https://api.example.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# -a 或 --auth 指定用户名:密码
http -a admin:secret123 https://api.example.com/protected

# 只指定用户名(会提示输入密码)
http -a admin https://api.example.com/protected
Confidence
93% confidence
Finding
https://api.example.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# 直接在请求头中传入 Token
http https://api.example.com/me "Authorization: Bearer my-access-token"
```

### Digest 认证
Confidence
91% confidence
Finding
https://api.example.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Digest 认证

```bash
http --auth-type=digest -a user:pass https://api.example.com/digest
```

---
Confidence
90% confidence
Finding
https://api.example.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# 查询当前用户信息(Bearer Token)
http https://api.github.com/user "Authorization: Bearer ghp_xxxxx"
```

### 示例 4: 下载文件
Confidence
95% confidence
Finding
https://api.github.com/

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
guides/02-quickstart.md:134