Run curl-like HTTP requests safely within a WASM sandbox with network access control.
Use this skill when the user says:
This skill requires the openclaw-wasm-sandbox plugin version >= 0.2.0.
The wasm-sandbox-download tool was added in version 0.2.0. If the plugin is not installed or version is lower:
openclaw plugins install clawhub:openclaw-wasm-sandbox
openclaw plugins update openclaw-wasm-sandbox
openclaw gateway restart
Verify the version:
openclaw plugins inspect openclaw-wasm-sandbox
Look for Version: 0.2.0 or higher in the output.
This skill requires the WASM component file to be downloaded first.
If the WASM file does not exist locally, use the wasm-sandbox-download tool to download it:
wasm-sandbox-download({
url: "https://raw.githubusercontent.com/guyoung/wasm-sandbox-openclaw-skills/main/boxed-curl/files/boxed_curl_component.wasm",
output: "<skill_dir>/files/boxed_curl_component.wasm",
resume: false,
timeout: 60000
})
Important: Set resume: false for initial download. The download destination is github.com which supports resume.
Use the wasm-sandbox-run tool to execute the WASM component after the WASM file is available.
wasm-sandbox-downloadallowedOutboundHosts based on the target hostwasm-sandbox-run with the arguments and network permissions| Option | Description | Status |
|---|---|---|
| -------- | ------------- | -------- |
-X, --request METHOD | HTTP method (GET, POST, PUT, DELETE, etc.) | ✅ |
-H, --header HEADER | Add request header | ✅ |
-d, --data DATA | Request body data | ✅ |
-i, --include | Include response headers | ✅ |
-L, --location | Follow redirects | ✅ |
-v, --verbose | Verbose output | ✅ |
-o, --output FILE | Output to file | ⚠️ Not supported |
Parse the user's input:
-X, -H, -d, etc.allowedOutboundHosts — if user explicitly provided itIf user did NOT specify allowedOutboundHosts, infer from URL:
| URL Pattern | allowedOutboundHosts |
|---|---|
| ------------- | ------------------------ |
https://api.github.com/* | https://api.github.com |
https://httpbin.org/* | https://httpbin.org |
https://raw.githubusercontent.com/* | https://raw.githubusercontent.com |
| Any HTTPS URL | https:// (extract host from URL) |
wasm-sandbox-run({
wasmFile: "<skill_dir>/files/boxed_curl_component.wasm",
allowedOutboundHosts: ["https://<target-host>"],
args: ["<curl options>", "<URL>"]
})
User says: "fetch data from https://httpbin.org/get"
wasm-sandbox-run({
wasmFile: "<skill_dir>/files/boxed_curl_component.wasm",
allowedOutboundHosts: ["https://httpbin.org"],
args: ["https://httpbin.org/get"]
})
User says: curl -X POST https://httpbin.org/post -H "Content-Type: application/json" -d '{"name":"value"}'
wasm-sandbox-run({
wasmFile: "<skill_dir>/files/boxed_curl_component.wasm",
allowedOutboundHosts: ["https://httpbin.org"],
args: ["-X", "POST", "-H", "Content-Type:application/json", "-d", "{\"name\":\"value\"}", "https://httpbin.org/post"]
})
User says: "fetch with custom Authorization header"
wasm-sandbox-run({
wasmFile: "<skill_dir>/files/boxed_curl_component.wasm",
allowedOutboundHosts: ["https://httpbin.org"],
args: ["-H", "Authorization:Bearer token123", "https://httpbin.org/get"]
})
User says: "get GitHub user info for 'octocat'"
wasm-sandbox-run({
wasmFile: "<skill_dir>/files/boxed_curl_component.wasm",
allowedOutboundHosts: ["https://api.github.com"],
args: ["https://api.github.com/users/octocat"]
})
User says: "fetch with -i flag to see response headers"
wasm-sandbox-run({
wasmFile: "<skill_dir>/files/boxed_curl_component.wasm",
allowedOutboundHosts: ["https://httpbin.org"],
args: ["-i", "https://httpbin.org/get"]
})
allowedOutboundHosts — sandbox blocks all outbound HTTP by defaultwasm-sandbox-download tool/post endpoint for POST — /get returns 405 Method Not Allowed{\"key\":\"value\"})共 1 个版本
暂无安全检测报告