SimpleHttpSkill
v0.1.0
Make HTTP requests (GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS) with custom headers, automatic retries, and graceful error handling. Use when the user need...
MIT-0
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the code and SKILL.md: a generic HTTP client with retries and backoff. There are no unrelated environment variables, binaries, or configuration paths requested.
Instruction Scope
The SKILL.md instructs the agent to import and use the included src/http-client.js and documents inputs/outputs and behavior. It does not direct the agent to read unrelated files, environment variables, or send data to endpoints other than those provided by the caller.
Install Mechanism
No install spec is provided (instruction-only deployment) and the included code is a small local JS file. Nothing is downloaded from external URLs or written to system locations during install.
Credentials
The skill requests no environment variables or credentials, which is appropriate. Note: callers can supply arbitrary headers (e.g., Authorization) so the skill can transmit sensitive tokens if you provide them — the skill itself does not request or store secrets.
Persistence & Privilege
always is false and the skill does not request persistent system-level privileges or modify other skills. It is user-invocable and may be invoked autonomously by the agent (platform default).
Assessment
This skill appears to do exactly what it says: make HTTP requests using built-in Node modules with retries and graceful errors. Before installing, consider that the skill can send arbitrary requests to any URL you provide (including any headers you pass), so do not supply sensitive tokens or credentials unless you trust the agent and target endpoint. If you want to limit risk, run the skill in a restricted environment or network sandbox, and avoid embedding secrets in defaultHeaders; prefer passing credentials explicitly per-call and validate target URLs to avoid SSRF or unintended exfiltration.
Like a lobster shell, security has layers — review code before you run it.
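One way to apply the "validate target URLs" advice from the assessment, as an added example that is not part of the skill's own code: an allowlist check that runs before any call reaches the client. The host `api.example.com`, the names `checkTarget` and `guardedRequest`, and the https-only policy are assumptions; `client.request(method, url, options)` and the response shape are the ones SKILL.md documents.

```javascript
// Added example, not from the skill. Hosts you trust go here (constructed value).
const ALLOWED_HOSTS = new Set(["api.example.com"]);

// Return the reason a URL is refused, or null when it may be requested.
function checkTarget(rawUrl, allowedHosts = ALLOWED_HOSTS) {
  let u;
  try {
    u = new URL(rawUrl);
  } catch {
    return "not a valid absolute URL";
  }
  if (u.protocol !== "https:") return "scheme is not https";
  if (u.username || u.password) return "credentials embedded in URL";
  // WHATWG URL parsing lowercases the host and rewrites numeric forms
  // such as 2130706433 or 0x7f.1 to dotted-decimal IPv4, so one
  // pattern covers them. IPv6 literals keep their square brackets.
  const host = u.hostname;
  if (host.startsWith("[") || /^\d+\.\d+\.\d+\.\d+$/.test(host)) {
    return "IP literal instead of a hostname";
  }
  if (!allowedHosts.has(host)) return "host not on allowlist";
  return null;
}

// Wrap any client exposing request(method, url, options).
// Refusals use the skill's documented response shape, so callers
// keep checking resp.ok and resp.error and nothing throws.
async function guardedRequest(client, method, url, options = {}) {
  const reason = checkTarget(url);
  if (reason) {
    return { ok: false, status: null, headers: {}, body: null,
             error: `blocked: ${reason}` };
  }
  return client.request(method, url, options);
}
```

The check is on the hostname only: it does not pin what that name resolves to, so the network sandbox the assessment mentions is still the backstop for an allowlisted name that points at an internal address.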
latest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Simple HTTP Skill
Make HTTP requests using only Node.js built-in modules. Supports all standard methods, arbitrary headers, automatic retries with exponential backoff, and never throws on failure — always resolves with an inspectable response object.
Required Inputs
- url (string): Fully qualified URL to request.
- method (string, optional): HTTP method. Default GET.
- headers (object, optional): Request headers.
- body (string | Buffer | object, optional): Request body. Objects are auto-serialized to JSON.
- maxRetries (number, optional): Retry attempts for transient failures. Default 3.
- timeout (number, optional): Socket timeout in ms. Default 30000.
Step-by-Step Workflow
- Import the client from src/http-client.js:

```js
const { HttpClient } = require("./src/http-client");
```

- Create a client instance (optionally set default headers shared across calls):

```js
const client = new HttpClient({
  defaultHeaders: { Authorization: "Bearer <token>" },
  maxRetries: 3,
});
```

- Make requests using convenience methods or the generic request():

```js
// Run inside an async function: CommonJS modules have no top-level await.

// GET
const resp = await client.get("https://api.example.com/items");

// POST with JSON body
const created = await client.post("https://api.example.com/items", {
  body: { name: "widget" },
});

// PUT with custom headers
const updated = await client.put("https://api.example.com/items/1", {
  headers: { "X-Request-Id": "abc123" },
  body: { name: "updated" },
});

// DELETE
const deleted = await client.delete("https://api.example.com/items/1");

// Generic form: any method
const patched = await client.request("PATCH", "https://api.example.com/items/1", {
  body: { qty: 5 },
});
```

- Inspect the response:

```js
if (resp.ok) {
  console.log(resp.body);    // parsed JSON or raw string
  console.log(resp.status);  // e.g. 200
  console.log(resp.headers); // response headers object
} else {
  console.log(resp.error);   // human-readable error (null if HTTP error with status)
  console.log(resp.status);  // HTTP status code or null for network errors
}
```
Output Format
Every call resolves with an object containing:
| Key | Type | Description |
|---|---|---|
| ok | boolean | true if status is 2xx |
| status | number \| null | HTTP status code; null for network-level errors |
| headers | object | Response headers |
| body | any | Parsed JSON (if content-type is JSON), else string |
| error | string \| null | Error description on failure; null on success |
Error Handling & Retry Behavior
- Retried automatically: Connection errors, timeouts, and HTTP 429 / 5xx responses.
- Not retried: 4xx errors (except 429) — returned immediately.
- Backoff: Exponential with jitter (base 500ms, capped at 30s).
- Graceful failure: The client never throws. After exhausting retries, it resolves with the last error response so the caller can always inspect resp.ok and resp.error.
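The retry rules above, worked through with the documented defaults, as an added example that is not the skill's own code. The page does not give the jitter formula, so uniform "full jitter" is assumed here, along with `maxRetries` meaning retries after the first attempt; all function names are hypothetical.

```javascript
// Added example. Numbers are the documented defaults; the formula is assumed.
const DEFAULTS = { maxRetries: 3, timeout: 30000, backoffBase: 500, backoffMax: 30000 };

// Retry only what the skill documents as transient.
function isRetryable(resp) {
  if (resp.status === null) return true;            // connection error or timeout
  return resp.status === 429 || resp.status >= 500; // 429 and 5xx
}

// Largest delay before retry number `attempt` (0-based): base * 2^attempt, capped.
function backoffCeiling(attempt, opts = DEFAULTS) {
  return Math.min(opts.backoffMax, opts.backoffBase * 2 ** attempt);
}

// Assumed full jitter: uniform in [0, ceiling). `rand` is injectable for tests.
function backoffDelay(attempt, opts = DEFAULTS, rand = Math.random) {
  return Math.floor(rand() * backoffCeiling(attempt, opts));
}

// How long one call blocks when every attempt ends at the socket
// timeout and every backoff delay lands on its ceiling.
function worstCaseMs(opts = DEFAULTS) {
  let total = (opts.maxRetries + 1) * opts.timeout;
  for (let i = 0; i < opts.maxRetries; i++) total += backoffCeiling(i, opts);
  return total;
}
```

Under these assumptions a single call to an unresponsive endpoint can hold the agent for about two minutes, which is worth lowering `timeout` or `maxRetries` for when the target is not fully trusted.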
Configuration Options
All options can be set at the client level (constructor) and overridden per-request:
| Option | Default | Description |
|---|---|---|
| defaultHeaders | {} | Headers applied to every request |
| maxRetries | 3 | Max retry attempts |
| timeout | 30000 | Socket timeout in ms |
| backoffBase | 500 | Base delay (ms) for exponential backoff |
| backoffMax | 30000 | Maximum backoff delay cap (ms) |
Dependencies
None — uses only Node.js built-in modules (http, https, url).
Files
3 total
