HAL (HTTP MCP)
MCP HTTP toolkit exposing all 7 HTTP methods with secret substitution and broad error handling.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for HAL (HTTP MCP), derived from its capabilities.
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.
Overview
HAL provides a generic HTTP toolkit over MCP with GET/POST/PUT/PATCH/DELETE/HEAD/OPTIONS, secret substitution, and support for JSON/XML/HTML/form data. A general-purpose HTTP client for an agent is a wide surface: it can call arbitrary endpoints (SSRF risk) and injects response bodies as untrusted context; the secret-substitution feature also concentrates credentials.
Key features
- All 7 HTTP methods
- Secret substitution
- JSON/XML/HTML/form support
Use cases
- Generic API calls from an agent
- Testing and integrating HTTP APIs