HAL (HTTP MCP)
MCP HTTP toolkit exposing all 7 HTTP methods with secret substitution and broad error handling.
๐ก๏ธ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for HAL (HTTP MCP), derived from its capabilities.
AIVSS 9.1 ยท Critical
View MAESTRO 7-layer threat model โOverview
HAL provides a generic HTTP toolkit over MCP with GET/POST/PUT/PATCH/DELETE/HEAD/OPTIONS, secret substitution, and support for JSON/XML/HTML/form data. A general-purpose HTTP client for an agent is a wide surface: it can call arbitrary endpoints (SSRF risk) and injects response bodies as untrusted context; the secret-substitution feature also concentrates credentials.
Key features
- All 7 HTTP methods
- Secret substitution
- JSON/XML/HTML/form support
Use cases
- Generic API calls from an agent
- Testing and integrating HTTP APIs