AI Skill Store

AI Agent Skill Marketplace
← Back to Skills

http-request-validator

v1.0.0 approved Development ⬇ 3 ↑ 1/7d 4d ago
✅ Verified
⬇ Download Install Guide↓
🤖 Agent install commands (curl / MCP / Claude Desktop)
▸ curl one-liner
curl -L -o http-request-validator.skill   "https://aiskillstore.io/v1/agent/skills/82697ffe-f69a-44a9-ace7-27a292de906d/download?platform=ClaudeCode"
▸ MCP tool call (after registering Skill Store MCP)
{
  "tool": "download_skill",
  "arguments": {
    "skill_id": "82697ffe-f69a-44a9-ace7-27a292de906d",
    "platform": "ClaudeCode"
  }
}
▸ Claude Desktop / Cursor MCP config (one-time)
{
  "mcpServers": {
    "skill-store": {
      "url": "https://aiskillstore.io/mcp/"
    }
  }
}
📖 Full agent API guide: /llms.txt  ·  MCP server card

Validates HTTP request objects (method, URL, headers, body) against RFC standards and OpenAPI specs, returning structured error lists. Prevents request-generation bugs before execution in agent API automation loops.

# http # validation # openapi # authentication # api

Basic Info

Owner 👤 aiskillstore-team Category Development Registered 2026-06-11 Last Updated 2026-06-11 Latest Version 1.0.0 Packaged At 2026-06-11 Vetting Status approved Downloads 3 Checksum (SHA256) 3057af1807282c3ebb7127ff7e6700680a0c45aeb22a43af2f598e850b08fd89

Installation

Compatible Platforms any

1
Install the skill using openclaw_skill_manager.py.
python openclaw_skill_manager.py --install http-request-validator
2
Verify installation
python openclaw_skill_manager.py --list-installed
3
Install a specific version (optional)
python openclaw_skill_manager.py --install http-request-validator --version 1.0.0
1
Download the skill package.
curl -O https://aiskillstore.io/v1/skills/82697ffe-f69a-44a9-ace7-27a292de906d/download
2
Place it in the Claude Code commands directory.
unzip http-request-validator.skill -d ~/.claude/commands/http-request-validator/
3
Use it as a slash command in Claude Code.
/http-request-validator
1
Download the Agent Skills package.
curl -O https://aiskillstore.io/v1/agent/skills/82697ffe-f69a-44a9-ace7-27a292de906d/download?platform=ClaudeCodeAgentSkill
2
Unzip it into the Claude Code skills directory.
unzip http-request-validator-agent-skill-*.skill -d ~/.claude/skills/http-request-validator/
3
Restart Claude Code — the skill is auto-loaded at session start. No slash command needed.
1
Download the Cursor-converted package.
curl -O https://aiskillstore.io/v1/agent/skills/82697ffe-f69a-44a9-ace7-27a292de906d/download?platform=Cursor
2
Unzip and place it in a permanent location.
unzip http-request-validator-cursor-*.skill -d ~/.cursor/skills/http-request-validator/
3
Add the MCP server config to .cursor/mcp.json, then restart Cursor.
cat ~/.cursor/skills/http-request-validator/cursor_mcp_config.json
1
Download the Gemini CLI-converted package.
curl -O https://aiskillstore.io/v1/agent/skills/82697ffe-f69a-44a9-ace7-27a292de906d/download?platform=GeminiCLI
2
Unzip and place it in a permanent location.
unzip http-request-validator-geminicli-*.skill -d ~/.gemini/skills/http-request-validator/
3
Add the MCP server config to ~/.gemini/settings.json, then restart Gemini CLI.
cat ~/.gemini/skills/http-request-validator/gemini_settings_snippet.json
1
Download the Codex CLI-converted package.
curl -O https://aiskillstore.io/v1/agent/skills/82697ffe-f69a-44a9-ace7-27a292de906d/download?platform=CodexCLI
2
Unzip and place it in a permanent location.
unzip http-request-validator-codexcli-*.skill -d ~/.codex/skills/http-request-validator/
3
Add the MCP server config to ~/.codex/config.toml, then restart Codex CLI.
cat ~/.codex/skills/http-request-validator/codex_config_snippet.toml
1
Download the skill package via REST API.
GET https://aiskillstore.io/v1/skills/82697ffe-f69a-44a9-ace7-27a292de906d/download
2
Place it in your agent platform's skills directory.
cp http-request-validator.skill ./skills/
3
Fetch platform-specific details via the Install Guide API.
GET https://aiskillstore.io/v1/skills/82697ffe-f69a-44a9-ace7-27a292de906d/install-guide?platform=CustomAgent

Security Vetting Report

Vetting Result CAUTION

🚨 Security risks detected:

  • main.py: base64.b64decode(
  • tests/_test_local.py: subprocess.run(

Findings: ["메타데이터 경고: 권장 필드 없음: 'requirements' (SKILL.md v2 권장)", "메타데이터 경고: 권장 필드 없음: 'changelog' (SKILL.md v2 권장)", '정보: spec: usk/1.0 미선언 — v2 패키지로 처리됩니다. 자동 변환 및 에이전트 검색 기능을 사용하려면 USK v3로 업그레이드하세요.']

AI Review Stage

Reviewer gemini Risk Level 🟢 Low Review Summary HTTP 요청 객체의 유효성을 검사하는 스킬로, 선언된 권한을 준수하며 악의적인 코드가 없습니다.
Reasoning

1. **권한 일치:** 스킬 메타데이터에 'network: false', 'filesystem: false', 'subprocess: false'로 선언되어 있으며, 'main.py' 코드는 이 권한을 엄격히 준수합니다. 'urllib.parse'는 URL 파싱에만 사용되며, 'sys.stdin'/'sys.stdout'은 표준 입출력으로 파일 시스템 접근으로 간주되지 않습니다. 2. **악의적 코드 없음:** 'main.py'는 HTTP 요청 유효성 검사 로직만을 포함하며, 데이터 탈취, 시스템 파괴, 난독화 등의 악의적인 목적의 코드는 발견되지 않았습니다. 'base64.b64decode' 사용은 Basic 및 Bearer JWT 인증 토큰의 형식을 검증하기 위한 정당한 목적입니다. 3. **외부 통신 없음:** 네트워크 관련 모듈(예: 'requests', 'urllib.request', 'socket') 사용이 없어 선언되지 않은 외부 통신은 없습니다. 4. **사용자 데이터 무단 수집/전송 없음:** 입력된 HTTP 요청 데이터를 검증하는 데에만 사용하며, 외부로 데이터를 저장하거나 전송하는 기능이 없습니다. 5. **코드 품질:** 스킬의 목적(HTTP 요청 유효성 검사)에 부합하는 명확하고 잘 구조화된 코드입니다. RFC 표준 및 OpenAPI 스펙에 따른 다양한 유효성 검사 로직이 구현되어 있으며, 테스트 코드도 충실하게 작성되어 있습니다. 정적 분석에서 'main.py'의 'base64.b64decode'는 인증 토큰 유효성 검사를 위한 정당한 사용이며 보안 위험이 없습니다. 'tests/_test_local.py'에서 'subprocess.run'이 발견되었으나, 이는 스킬의 런타임 코드가 아닌 테스트 스크립트이므로 스킬 자체의 보안과는 무관합니다.

Version History

Version USK v3 Vetting Status Packaged At Downloads Changelog
v1.0.0 approved 2026-06-11 ⬇ 3

Examples 7

Representative input/output examples for this skill. Agents can use these to understand how to invoke the skill and what output to expect.

Valid GET request
# happy-path# get

A well-formed GET request with Accept header passes validation

📥 Input
{
  "headers": {
    "Accept": "application/json"
  },
  "method": "GET",
  "url": "https://api.example.com/users/123"
}
📤 Output
{
  "auth_scheme_detected": null,
  "errors": [],
  "is_valid": true,
  "summary": {
    "auth_present": false,
    "error_count": 0,
    "warning_count": 0
  },
  "warnings": []
}
Bearer JWT structure validation failure
# auth# jwt# bearer

An Authorization header with a malformed Bearer token (not 3-part JWT) triggers INVALID_BEARER_FORMAT

📥 Input
{
  "headers": {
    "Authorization": "Bearer notavalidjwt"
  },
  "method": "GET",
  "url": "https://api.example.com/profile"
}
📤 Output
{
  "auth_scheme_detected": "Bearer",
  "errors": [
    {
      "code": "INVALID_BEARER_FORMAT",
      "field": "headers.Authorization",
      "message": "Bearer token must be a JWT with 3 dot-separated base64url-encoded parts (header.payload.signature)"
    }
  ],
  "is_valid": false,
  "summary": {
    "auth_present": true,
    "error_count": 1,
    "warning_count": 0
  },
  "warnings": []
}
Unfilled path parameter detection
# url# path-param

URL containing unreplaced template placeholder triggers UNFILLED_PATH_PARAM

📥 Input
{
  "headers": {
    "Accept": "application/json"
  },
  "method": "GET",
  "url": "https://api.example.com/users/{id}/posts"
}
📤 Output
{
  "auth_scheme_detected": null,
  "errors": [
    {
      "code": "UNFILLED_PATH_PARAM",
      "field": "url",
      "message": "URL contains unfilled path parameter: {id}"
    }
  ],
  "is_valid": false,
  "summary": {
    "auth_present": false,
    "error_count": 1,
    "warning_count": 0
  },
  "warnings": []
}
POST with body missing Content-Type
# post# content-type

A POST request carrying a body but without Content-Type header triggers CONTENT_TYPE_MISMATCH

📥 Input
{
  "body": {
    "item_id": "abc123",
    "quantity": 2
  },
  "method": "POST",
  "url": "https://api.example.com/orders"
}
📤 Output
{
  "auth_scheme_detected": null,
  "errors": [
    {
      "code": "CONTENT_TYPE_MISMATCH",
      "field": "headers.Content-Type",
      "message": "Request has a body but Content-Type header is missing"
    }
  ],
  "is_valid": false,
  "summary": {
    "auth_present": false,
    "error_count": 1,
    "warning_count": 0
  },
  "warnings": []
}
OpenAPI required header validation
# openapi# required-header

Missing X-Tenant-ID required by OpenAPI operation triggers MISSING_REQUIRED

📥 Input
{
  "headers": {
    "Accept": "application/json"
  },
  "method": "GET",
  "openapi_operation": {
    "parameters": [
      {
        "in": "header",
        "name": "X-Tenant-ID",
        "required": true,
        "schema": {
          "type": "string"
        }
      }
    ]
  },
  "url": "https://api.example.com/tenant/data"
}
📤 Output
{
  "auth_scheme_detected": null,
  "errors": [
    {
      "code": "MISSING_REQUIRED",
      "field": "headers.X-Tenant-ID",
      "message": "Required header \u0027X-Tenant-ID\u0027 is missing (required by OpenAPI spec)"
    }
  ],
  "is_valid": false,
  "summary": {
    "auth_present": false,
    "error_count": 1,
    "warning_count": 0
  },
  "warnings": []
}
API Key header auto-detection
# auth# api-key# happy-path

X-API-Key header is automatically detected and reported as ApiKey scheme

📥 Input
{
  "body": {
    "event": "user.created"
  },
  "headers": {
    "Content-Type": "application/json",
    "X-API-Key": "a valid API key string"
  },
  "method": "POST",
  "url": "https://api.example.com/events"
}
📤 Output
{
  "auth_scheme_detected": "ApiKey",
  "errors": [],
  "is_valid": true,
  "summary": {
    "auth_present": true,
    "error_count": 0,
    "warning_count": 0
  },
  "warnings": []
}
Korean language error output
# korean# i18n# invalid-method

output_language=ko returns error messages in Korean

📥 Input
{
  "method": "INVALID_METHOD",
  "output_language": "ko",
  "url": "https://api.example.com/items"
}
📤 Output
{
  "auth_scheme_detected": null,
  "errors": [
    {
      "code": "INVALID_METHOD",
      "field": "method",
      "message": "\ud5c8\uc6a9\ub418\uc9c0 \uc54a\ub294 HTTP \uba54\uc11c\ub4dc\uc785\ub2c8\ub2e4: INVALID_METHOD"
    }
  ],
  "is_valid": false,
  "summary": {
    "auth_present": false,
    "error_count": 1,
    "warning_count": 0
  },
  "warnings": []
}

All examples are also available via the agent API: /v1/agent/skills/82697ffe-f69a-44a9-ace7-27a292de906d/schema

Reviews & Ratings

No reviews yet. Be the first to leave one!

✍️ Write a Review