ClawHub

API Endpoint Tester

v1.0.1

CLI tool to test REST API endpoints with various HTTP methods, headers, and payloads.

0· 451·1 current·1 all-time
byDerick@derick001
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (API Endpoint Tester) match the included CLI script and README. Required binary (python3) and the requests package are appropriate and proportional for the stated purpose. Minor metadata mismatch: SKILL.md lists version 1.0.0 while registry shows 1.0.1, but this is an implementation/versioning inconsistency rather than a security issue.
Instruction Scope
SKILL.md and README instruct the agent/user to run the included CLI which issues HTTP(S) requests to arbitrary URLs with user-provided headers/body. The runtime instructions and the script stay within that scope; there are no instructions to read unrelated files, environment variables, or to send data to other endpoints. Note: because the tool accepts arbitrary headers/bodies, a user could accidentally send secrets if provided.
Install Mechanism
There is no install spec (instruction-only), and the package relies on the widely used Python 'requests' library. SKILL.md and README advise installing requests via pip; no downloads from unknown hosts or archive extraction are present.
Credentials
The skill requests no environment variables or credentials. That is proportionate. However, the tool allows callers to supply Authorization and other headers; users should avoid passing secrets or long-lived tokens into requests unless they intend to transmit them to the target endpoint.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system-wide privileges. Autonomous model invocation is allowed (default) but this is expected for skills and is not combined with other concerning privileges. The script restricts output-file writes to the skill directory, limiting its ability to write arbitrary files elsewhere.
Assessment
This package appears to do what it says: a small CLI that issues HTTP(S) requests. Before installing or running it, consider: (1) the source/homepage is not provided — if you need long-term trust, prefer code from a known maintainer or repo; (2) the tool will send whatever headers and body you pass, so do not pass sensitive API keys or tokens unless you intend them to be transmitted to the target endpoint; (3) it can reach arbitrary network endpoints — run it in an environment where network access is acceptable; (4) the tool requires the Python 'requests' library (pip install requests). If you want extra assurance, review the provided scripts/main.py (included) and run it in an isolated environment or sandbox.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binspython3
latestvk973edc4nzb13z5rmsn0eqefq582547n
451downloads
0stars
2versions
Updated 1mo ago
v1.0.1
MIT-0
Derick@derick001
latest
Download

API Endpoint Tester

What This Does

A simple CLI tool to send HTTP requests to REST API endpoints and validate responses. Supports GET, POST, PUT, DELETE, PATCH methods with custom headers and request bodies (JSON or form data).

When To Use

  • You need to test API endpoints manually or in scripts
  • You want to validate HTTP status codes and response formats
  • You're debugging API integrations and need quick requests
  • You need to check if an endpoint is reachable and responding correctly

Usage

Basic GET request: python3 scripts/main.py run --url "https://api.example.com/users" --method GET

POST with JSON body: python3 scripts/main.py run --url "https://api.example.com/users" --method POST --body '{"name": "John", "email": "john@example.com"}'

With custom headers: python3 scripts/main.py run --url "https://api.example.com/users" --method GET --headers '{"Authorization": "Bearer token123"}'

Examples

Example 1: Simple GET request

python3 scripts/main.py run --url "https://jsonplaceholder.typicode.com/posts/1" --method GET

Output:

{
  "status": "success",
  "status_code": 200,
  "headers": {
    "content-type": "application/json; charset=utf-8"
  },
  "body": {
    "userId": 1,
    "id": 1,
    "title": "sunt aut facere repellat provident occaecati excepturi optio reprehenderit",
    "body": "quia et suscipit\nsuscipit recusandae consequuntur expedita et cum\nreprehenderit molestiae ut ut quas totam\nnostrum rerum est autem sunt rem eveniet architecto"
  },
  "response_time_ms": 245
}

Example 2: POST with validation

python3 scripts/main.py run --url "https://jsonplaceholder.typicode.com/posts" --method POST --body '{"title": "foo", "body": "bar", "userId": 1}' --expected-status 201

Requirements

  • Python 3.x
  • requests library (install via pip if not available)

Limitations

  • This is a CLI tool, not an auto-integration plugin
  • Does not support WebSocket or streaming endpoints
  • Limited to HTTP/HTTPS protocols (no gRPC, GraphQL, etc.)
  • No built-in authentication beyond headers
  • Does not save test suites or history (single request at a time)
  • Timeouts default to 10 seconds

Comments

Loading comments...