ClawHub

Jrv Http Client

v1.0.0

Make HTTP requests from the command line with support for auth (Bearer, Basic, API key), custom headers, JSON/form body, response formatting, timing, and his...

0· 95·0 current·0 all-time
byJohn Wang@johnnywang2001
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description and the included Python script align: this is an HTTP client supporting auth, headers, bodies, timing, and formatted output. The SKILL.md mentions 'history logging' which was not visible in the portion of scripts/http_client.py provided (file content was truncated), so that specific claim may not be implemented.
Instruction Scope
Runtime instructions only direct the agent to run the local Python script with URL, headers, and auth arguments. The script performs network requests and can write a response to a local file if requested; it does not read arbitrary local configuration or other system secrets (no required env vars or config paths).
Install Mechanism
No install spec is provided (instruction-only with an included script). Nothing is downloaded or installed during runtime; risk is limited to executing the bundled Python script.
Credentials
The skill requests no environment variables or external credentials. It accepts credentials via CLI flags (--bearer, --auth, --api-key). This is proportionate, but passing secrets on a command line can expose them in process listings and shell history — an operational risk the user should consider.
Persistence & Privilege
The skill does not request persistent presence (always: false) and does not modify other skills or system-wide config. It runs only when invoked.
Assessment
This skill appears to be a normal CLI HTTP client and is coherent with its description. Before installing or using it, consider: (1) The provided script was truncated in the submission so the tail of the code (where history logging or other behavior could live) was not visible — review the full file locally before trusting it. (2) Avoid passing sensitive tokens or passwords on the command line where possible (they can appear in process lists and shell history); if you must, be aware of that exposure. (3) --no-verify disables TLS verification and can enable man-in-the-middle attacks — use only for testing. (4) Output to files may persist sensitive response bodies on disk. If you plan to let an agent invoke this autonomously, ensure the agent's scope and the URLs it may contact are restricted to trusted endpoints.

Like a lobster shell, security has layers — review code before you run it.

latestvk970s1sexh7rq4rd35gzmwkvfd834vdz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments