API Endpoint Tester
v1.0.1CLI tool to test REST API endpoints with various HTTP methods, headers, and payloads.
⭐ 0· 444·1 current·1 all-time
byDerick@derick001
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (API Endpoint Tester) match the included CLI script and README. Required binary (python3) and the requests package are appropriate and proportional for the stated purpose. Minor metadata mismatch: SKILL.md lists version 1.0.0 while registry shows 1.0.1, but this is an implementation/versioning inconsistency rather than a security issue.
Instruction Scope
SKILL.md and README instruct the agent/user to run the included CLI which issues HTTP(S) requests to arbitrary URLs with user-provided headers/body. The runtime instructions and the script stay within that scope; there are no instructions to read unrelated files, environment variables, or to send data to other endpoints. Note: because the tool accepts arbitrary headers/bodies, a user could accidentally send secrets if provided.
Install Mechanism
There is no install spec (instruction-only), and the package relies on the widely used Python 'requests' library. SKILL.md and README advise installing requests via pip; no downloads from unknown hosts or archive extraction are present.
Credentials
The skill requests no environment variables or credentials. That is proportionate. However, the tool allows callers to supply Authorization and other headers; users should avoid passing secrets or long-lived tokens into requests unless they intend to transmit them to the target endpoint.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system-wide privileges. Autonomous model invocation is allowed (default) but this is expected for skills and is not combined with other concerning privileges. The script restricts output-file writes to the skill directory, limiting its ability to write arbitrary files elsewhere.
Assessment
This package appears to do what it says: a small CLI that issues HTTP(S) requests. Before installing or running it, consider: (1) the source/homepage is not provided — if you need long-term trust, prefer code from a known maintainer or repo; (2) the tool will send whatever headers and body you pass, so do not pass sensitive API keys or tokens unless you intend them to be transmitted to the target endpoint; (3) it can reach arbitrary network endpoints — run it in an environment where network access is acceptable; (4) the tool requires the Python 'requests' library (pip install requests). If you want extra assurance, review the provided scripts/main.py (included) and run it in an isolated environment or sandbox.Like a lobster shell, security has layers — review code before you run it.
latestvk973edc4nzb13z5rmsn0eqefq582547n
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binspython3