ClawHub

Api Tester

v1.0.0

Perform structured HTTP/HTTPS requests (GET, POST, PUT, DELETE) with custom headers and JSON body support. Use for API testing, health checks, or interacting...

3· 5.3k·82 current·83 all-time
byWANGJUNJIE@wanng-ide
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (API testing, GET/POST/PUT/DELETE, JSON support) match the included code. The code uses only Node.js built-in http/https modules and exposes a request(...) function as documented.
Instruction Scope
SKILL.md usage examples are limited to making HTTP requests and match the exported API. One runtime detail not called out in SKILL.md: the module's CLI entrypoint (main) runs a smoke test that performs GETs to https://www.google.com and http://example.com when the module is executed directly. The test script also performs network calls and will exit non‑zero on failures. This behavior is network-facing but consistent with a network-test utility.
Install Mechanism
No install spec or external downloads; the package is instruction+code only and uses only standard Node modules. No archives or remote installers are involved.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The ability to send arbitrary HTTP requests is inherent to the skill's purpose; no excessive secrets access is requested.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent presence or modify other skills or system settings.
Assessment
This skill appears to do exactly what it claims: provide a small HTTP client. Before installing, be aware that: (1) the CLI entrypoint and test script perform outbound network requests to google.com and example.com when executed — run them in an environment where outbound network calls are allowed and safe; (2) when used by an agent, the skill can make requests to arbitrary URLs and could be used to access internal services or send data to external endpoints, so avoid passing sensitive credentials or tokens as headers unless you intend to; (3) the code is small and readable — you can review it yourself (no hidden obfuscation or remote downloads). If you want extra safety, run the skill in a network-restricted sandbox or review/modify the smoke-test/test scripts before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk976xss824apn1nvxdqe0vjyfx81679s

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments