Description

Run curl requests safely in a sandbox, supporting GET/POST/HTTP headers, with complete network isolation.

README (SKILL.md)

Boxed Curl Skill

Name: Boxed Curl
Author: guyoung

Run curl-like HTTP requests safely within a WASM sandbox with network access control.

Triggering Method

Use this skill when the user says:

"boxed curl", "boxed curl"
"Sandbox version of curl", "Sandbox curl", "Secure curl"
"Make a request using boxed-curl", "Help me with boxed-curl"
"Send a secure HTTP request", "Secure GET/POST request"
"沙箱版 curl"、"沙箱 curl"、"安全的 curl"
"用 boxed-curl 请求"、"帮我 boxed-curl"
"发一个安全的 HTTP 请求"、"安全的 GET/POST 请求"

⚠️ Required Plugin

This skill requires the openclaw-wasm-sandbox plugin version >= 0.2.0.

The wasm-sandbox-download tool was added in version 0.2.0. If the plugin is not installed or version is lower:

openclaw plugins install clawhub:openclaw-wasm-sandbox
openclaw plugins update openclaw-wasm-sandbox
openclaw gateway restart

Verify the version:

openclaw plugins inspect openclaw-wasm-sandbox

Look for Version: 0.2.0 or higher in the output.

⚠️ WASM File Required

This skill requires the WASM component file to be downloaded first.

If the WASM file does not exist locally, use the wasm-sandbox-download tool to download it:

Step 0: Download WASM File

wasm-sandbox-download({
  url: "https://raw.githubusercontent.com/guyoung/wasm-sandbox-openclaw-skills/main/boxed-curl/files/boxed_curl_component.wasm",
  output: "\x3Cskill_dir>/files/boxed_curl_component.wasm",
  resume: false,
  timeout: 60000
})

Important: Set resume: false for initial download. The download destination is github.com which supports resume.

Tool: wasm-sandbox-run

Use the wasm-sandbox-run tool to execute the WASM component after the WASM file is available.

How It Works

Check for WASM file — If not found, download using wasm-sandbox-download
User provides curl-like arguments (URL with optional options)
AI extracts the URL and any curl options
AI determines allowedOutboundHosts based on the target host
AI calls wasm-sandbox-run with the arguments and network permissions

Supported Features

Option	Description	Status
`-X, --request METHOD`	HTTP method (GET, POST, PUT, DELETE, etc.)	✅
`-H, --header HEADER`	Add request header	✅
`-d, --data DATA`	Request body data	✅
`-i, --include`	Include response headers	✅
`-L, --location`	Follow redirects	✅
`-v, --verbose`	Verbose output	✅
`-o, --output FILE`	Output to file	⚠️ Not supported

Usage Pattern

Step 1: Extract Arguments

Parse the user's input:

URL — the target endpoint
curl options — -X, -H, -d, etc.
allowedOutboundHosts — if user explicitly provided it

Step 2: Determine Network Access

If user did NOT specify allowedOutboundHosts, infer from URL:

URL Pattern	`allowedOutboundHosts`
`https://api.github.com/*`	`https://api.github.com`
`https://httpbin.org/*`	`https://httpbin.org`
`https://raw.githubusercontent.com/*`	`https://raw.githubusercontent.com`
Any HTTPS URL	`https://\x3Chost>` (extract host from URL)

Step 3: Call wasm-sandbox-run

wasm-sandbox-run({
  wasmFile: "\x3Cskill_dir>/files/boxed_curl_component.wasm",
  allowedOutboundHosts: ["https://\x3Ctarget-host>"],
  args: ["\x3Ccurl options>", "\x3CURL>"]
})

Examples

GET Request

User says: "fetch data from https://httpbin.org/get"

wasm-sandbox-run({
  wasmFile: "\x3Cskill_dir>/files/boxed_curl_component.wasm",
  allowedOutboundHosts: ["https://httpbin.org"],
  args: ["https://httpbin.org/get"]
})

POST with JSON Body

User says: curl -X POST https://httpbin.org/post -H "Content-Type: application/json" -d '{"name":"value"}'

wasm-sandbox-run({
  wasmFile: "\x3Cskill_dir>/files/boxed_curl_component.wasm",
  allowedOutboundHosts: ["https://httpbin.org"],
  args: ["-X", "POST", "-H", "Content-Type:application/json", "-d", "{\"name\":\"value\"}", "https://httpbin.org/post"]
})

GET with Headers

User says: "fetch with custom Authorization header"

wasm-sandbox-run({
  wasmFile: "\x3Cskill_dir>/files/boxed_curl_component.wasm",
  allowedOutboundHosts: ["https://httpbin.org"],
  args: ["-H", "Authorization:Bearer token123", "https://httpbin.org/get"]
})

GitHub API Request

User says: "get GitHub user info for 'octocat'"

wasm-sandbox-run({
  wasmFile: "\x3Cskill_dir>/files/boxed_curl_component.wasm",
  allowedOutboundHosts: ["https://api.github.com"],
  args: ["https://api.github.com/users/octocat"]
})

GET with Response Headers

User says: "fetch with -i flag to see response headers"

wasm-sandbox-run({
  wasmFile: "\x3Cskill_dir>/files/boxed_curl_component.wasm",
  allowedOutboundHosts: ["https://httpbin.org"],
  args: ["-i", "https://httpbin.org/get"]
})

Important Notes

Always set allowedOutboundHosts — sandbox blocks all outbound HTTP by default
Download WASM first if missing — use wasm-sandbox-download tool
Extract host from URL automatically when user doesn't specify
Use /post endpoint for POST — /get returns 405 Method Not Allowed
args order: curl options first, URL last
JSON in -d: escape quotes properly (e.g., {\"key\":\"value\"})

Usage Guidance

This skill appears to do what it says (run HTTP requests inside a WASM sandbox), but it requires downloading and executing a WASM binary from a GitHub raw URL at runtime — that binary is not included in the package and cannot be audited from the SKILL.md alone. Before installing or using this skill: 1) verify the upstream repo and author (confirm the GitHub repo owner and history); 2) request or require a pinned checksum (SHA256) for the WASM file so you can verify integrity before execution; 3) ensure the openclaw-wasm-sandbox plugin is up-to-date and that its sandboxing/network restrictions meet your security requirements; 4) avoid sending secrets or long-lived tokens via this skill unless you trust the WASM component and have pinned its checksum; and 5) if you need stronger assurance, ask the publisher to include the WASM component in the skill bundle (or provide its source and a reproducible build) so it can be inspected locally. Additional information that would raise confidence to high: a published SHA256 for the WASM file, a trusted upstream repo with history, or the WASM source + reproducible build instructions.

Capability Analysis

Type: OpenClaw Skill Name: boxed-curl Version: 1.0.0 The 'boxed-curl' skill facilitates HTTP requests via a WASM sandbox but requires the agent to download and execute an external binary from a third-party GitHub repository (SKILL.md). It also instructs the agent to perform high-privilege system actions if dependencies are missing, such as installing plugins and restarting the gateway service. While these behaviors are documented as necessary for the skill's functionality and include security-conscious features like network host allowlisting, the combination of remote payload execution and environment modification represents a significant supply chain and execution risk.

Capability Assessment

✓ Purpose & Capability

Name/description (sandboxed curl) lines up with the instructions: the skill requires a WASM sandbox plugin and a WASM component to execute HTTP requests with restricted outbound hosts. The declared dependencies (openclaw-wasm-sandbox plugin) are appropriate for the stated purpose.

ℹ Instruction Scope

Instructions are focused on parsing curl-like args, deriving allowedOutboundHosts, downloading a WASM file if missing, and calling wasm-sandbox-run. They do not ask for unrelated environment variables or secrets. However, the runtime flow includes fetching a remote binary and running it, which expands the actual attack surface beyond the prose (the WASM contents are not provided for review).

⚠ Install Mechanism

This is instruction-only (no install spec), but it requires downloading an executable WASM file from a remote URL (raw.githubusercontent.com). While GitHub raw is a well-known host and the download is coherent with needing a WASM component, fetching and writing an external binary to disk and executing it (even inside a sandbox) is a higher-risk install pattern because the binary's contents are not auditable here and could change upstream.

✓ Credentials

The skill declares no environment variables, credentials, or config paths. Example usage includes sending Authorization headers as request data (normal for an HTTP client), but the skill does not request secret storage or unrelated credentials in metadata.

✓ Persistence & Privilege

The skill does not request always:true and does not modify other skills or system-wide configs. Autonomous invocation remains possible (platform default) but is not combined with elevated persistence.

Version History

v1.0.0

boxed_curl v1.0.0 - Initial release providing sandboxed (WASM-based) execution of curl-like HTTP requests. - Supports GET, POST, HTTP headers, and request bodies, with per-host network isolation via allowedOutboundHosts. - Requires openclaw-wasm-sandbox plugin v0.2.0+ and a local boxed_curl_component.wasm file. - Includes automatic extraction of curl arguments and outbound host restriction based on the target URL. - Provides example usage patterns and options matrix; explicit documentation for setup and key usage tips.

Metadata

Slug boxed-curl

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Boxed Curl?

Run curl requests safely in a sandbox, supporting GET/POST/HTTP headers, with complete network isolation. It is an AI Agent Skill for Claude Code / OpenClaw, with 99 downloads so far.

How do I install Boxed Curl?

Run "/install boxed-curl" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Boxed Curl free?

Yes, Boxed Curl is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Boxed Curl support?

Boxed Curl is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Boxed Curl?

It is built and maintained by guyoung (@guyoung); the current version is v1.0.0.

More Skills

Boxed Curl