HTTPeep CLI SKILLS. HTTP API Deubgger | Give the agent the ability to see the network.
PassAudited by VirusTotal on May 7, 2026.
Overview
Type: OpenClaw Skill Name: httpeep-cli Version: 1.0.0 The skill provides an interface to `httpeep-cli`, a network proxy and debugging tool with high-risk capabilities. Key indicators include instructions for system-wide proxy manipulation (`proxy system on`), root CA installation (`cert install`), and an interactive shell mode (`shell`) documented in SKILL.md and references/cli-reference.md. Additionally, the reference documentation suggests a high-risk `curl | bash` installation method (URL: https://s1.httpeep.com/install-cli.sh). While these features are aligned with the tool's stated purpose of traffic inspection, they grant the agent significant control over network traffic and system security settings, which could be abused for data interception.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If misused, the agent could alter HTTP traffic behavior or remove debugging evidence.
The skill exposes commands that can rewrite traffic rules or delete captured sessions, but it also instructs the agent to require explicit user intent and use backup or dry-run steps.
Run `rules replace`, `rules reset`, or `sessions clear --all --yes` only when the user explicitly asks for persistent replacement, reset, or full cleanup. Show or run the backup/dry-run command first when possible.
Only allow persistent rule edits or session deletion for clearly requested debugging tasks, and review proposed commands before they run.
System-wide proxying or certificate trust changes could expose HTTPS traffic, cookies, tokens, or other account data to the debugging tool.
Installing HTTPS interception certificates or changing the system proxy can expand the agent's visibility into user traffic, but the skill explicitly gates these actions on user approval.
Run `cert install`, `cert uninstall`, `proxy system on`, and `proxy system off` only when the user explicitly asks for certificate trust or system-wide proxy changes.
Use scoped proxy settings when possible, and approve certificate or system-wide proxy changes only when you understand the effect.
Running a remote installer gives code from that URL control over the local environment.
The reference includes a remote install script piped directly to bash; this is a common but higher-trust installation pattern.
curl -fsSL https://s1.httpeep.com/install-cli.sh | bash
Prefer official installers or inspect the script and verify the source before running curl-to-bash commands.
Sensitive traffic details could be included in agent notes, summaries, logs, or final answers if not redacted.
The skill may inspect or summarize captured HTTP sessions that contain sensitive headers, cookies, authorization tokens, or request bodies.
Avoid logging secrets from headers, cookies, Authorization values, or request bodies. Redact sensitive values before reporting.
Limit capture filters, avoid broad session dumps, and confirm that secrets are redacted before sharing outputs.