← Back to Skills Marketplace
101
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install httprequests
Description
Send HTTP requests with Python requests instead of curl when quoting and escaping would be error-prone. Use for GET, POST, PUT, DELETE requests with headers,...
README (SKILL.md)
HTTP Requests
Use this skill when an HTTP API call is needed and curl quoting/escaping would be fragile.
What this skill does
- Sends HTTP requests via Python
requests - Supports
GET,POST,PUT,DELETE - Supports headers, query params, JSON body, form data, and timeout
- Writes a light daily JSONL log under
logs/ - Avoids logging sensitive values like authorization tokens and full bodies
Inputs to collect
Before running the script, gather:
- Method:
GET/POST/PUT/DELETE - URL
- Headers if any
- Query params if any
- JSON body or form data if any
- Timeout if the user cares (otherwise use default)
Script
Primary script:
scripts/request_http.py
Run it with Python and pass method/url plus optional inputs.
Logging
Logs are stored inside this skill directory:
logs/YYYY-MM-DD.jsonl
Each line contains a light summary only:
- timestamp
- method
- url
- status
- ok
- duration_ms
- response_bytes
- error (if any)
Do not log authorization tokens, cookies, or full request/response bodies by default.
When to read references
Read references/usage-patterns.md when:
- the request has multiple headers/params/body fields
- the user wants an example pattern
- you need to choose between JSON body and form data
- you need the expected command-line argument style for the script
Usage Guidance
This skill is functionally coherent but not fully protective of secrets. Before installing or using it: (1) avoid putting sensitive tokens in URL query strings (the script logs args.url unredacted); (2) avoid passing secrets on the command line where other processes/command history can capture them; prefer sending tokens in headers and verify the headers are redacted in any logs; (3) be aware the script prints response bodies to stdout (which your agent or host may capture); (4) install or ensure the 'requests' Python package is available or add an explicit install step; (5) consider patching the script to redact query params from logged URLs (or to omit logging the URL entirely) and to actually use redact_headers when persisting any headers. If you cannot review or modify the code, run it in an isolated environment and do not use it with real credentials or sensitive endpoints.
Capability Analysis
Type: OpenClaw Skill
Name: httprequests
Version: 1.0.0
The skill provides a utility for making HTTP requests via the Python `requests` library. While it aligns with its stated purpose and includes security-conscious instructions in `SKILL.md`, the script `scripts/request_http.py` contains a high-risk capability (arbitrary network access) and a potential data-leakage vulnerability. Specifically, it logs the full URL (including potentially sensitive query parameters) to a local file, and while a header redaction function is defined, it is never actually called in the execution flow. No clear evidence of intentional malice or hardcoded exfiltration was found.
Capability Assessment
Purpose & Capability
Name/description match the included script: the Python script implements GET/POST/PUT/DELETE, headers/params/json/data, timeouts, and writes light logs. Nothing in the code requires unrelated credentials or binaries.
Instruction Scope
SKILL.md promises to avoid logging sensitive values, but the script logs the original args.url (which can contain sensitive query parameters) and prints response bodies to stdout. A redact_headers helper exists but is not used for logging. These gaps mean secrets could be exposed despite the 'do not log' claim.
Install Mechanism
Instruction-only skill (no install spec) — low install risk. The script depends on the third-party 'requests' package but does not declare or install it; the runtime must already have requests available or the call will fail.
Credentials
The skill requests no environment variables or credentials. Example usage shows passing Authorization headers or form passwords as arguments, which is expected for an HTTP helper, but those can be exposed via URL/console if used carelessly.
Persistence & Privilege
No always:true flag and no system-wide persistence. The skill writes per-day logs under its own logs/ directory (normal for a local helper).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install httprequests - After installation, invoke the skill by name or use
/httprequests - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
# HTTP Requests Skill v1.0.0 更新说明
新增一个基于 Python `requests` 的通用 HTTP 请求 Skill,用来替代复杂 `curl` 场景,减少引号、转义、JSON body 拼接错误。
## Skill 信息
- 名称:`http-requests`
- 版本:`1.0.0`
- 目录:`http-requests-1.0.0`
## 主要功能
第一版提供统一的 HTTP 请求能力,使用单个通用脚本处理全部请求方式。
当前支持:
- GET
- POST
- PUT
- DELETE
- Headers
- Query Params
- JSON Body
- Form Data
- Timeout
- 响应状态码输出
- 响应头可选输出
- 响应体输出
- 响应体长度裁剪
## 设计特点
### 1. 单脚本统一处理
不按 GET / POST / PUT / DELETE 拆多个脚本,而是使用一个统一入口脚本处理全部请求方式,结构更简单,后续也更容易维护。
主脚本:
```text
scripts/request_http.py
Metadata
Frequently Asked Questions
What is http-requests-1.0.0?
Send HTTP requests with Python requests instead of curl when quoting and escaping would be error-prone. Use for GET, POST, PUT, DELETE requests with headers,... It is an AI Agent Skill for Claude Code / OpenClaw, with 101 downloads so far.
How do I install http-requests-1.0.0?
Run "/install httprequests" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is http-requests-1.0.0 free?
Yes, http-requests-1.0.0 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does http-requests-1.0.0 support?
http-requests-1.0.0 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created http-requests-1.0.0?
It is built and maintained by Pumpkin (@pumpkinttl); the current version is v1.0.0.
More Skills