Caido Mode

Name: Caido Mode
Rating: 83 (1 reviews)
Author: caido

Trust Score 83/100

Full CLI integration for Caido: search HTTP history, replay and edit requests, manage scopes, create findings, export curl PoCs, and control intercepts via the

triggers:caidohttpqlreplayexport-curlcreate-finding

GitHub SKILL.md

What it does

Caido Mode provides extensive CLI commands and patterns for interacting with a Caido instance via the official @caido/sdk-client. It enables HTTP history search (HTTPQL), replay and edit of requests (preserving auth), session and collection management, scope/filter presets, environment variables for tests, findings creation, fuzzing automation and export-to-curl for PoCs. The skill documents recommended auth setup, CLI usage, and important safety notes (don’t dump raw requests into context).

When to use it

Use when investigating or testing web traffic captured by Caido: replaying real requests, creating PoCs, fuzzing, or creating findings. It's aimed at security workflows where maintaining original auth context and precise HTTPQL queries matters.

What's included

Scripts: references to a CLI caido-client.ts and command examples (has_scripts=false in fetch but sibling files include CLI source)
References: detailed command reference for search/replay/edit/export, HTTPQL operator guide, examples for sessions/collections/fuzzing, and auth setup instructions.
Instructions: how to set up PAT auth, persist tokens, run the CLI commands, and patterns for safe testing (prefer edit over raw replay, use compact outputs, name sessions).

Compatible agents

Agents that can run Node/TS toolchains or execute CLI steps (Claude Code, Node-enabled agents, or local agent runtimes) will benefit most.

Audit Summary

Caido Mode is a comprehensive CLI skill for Caido's web security testing platform, providing HTTP history search, request replay/editing, scope management, findings creation, and intercept control via the official @caido/sdk-client. No bundled scripts were present for runtime testing. The SKILL.md is thorough with clear command examples, workflow patterns, and SDK architecture documentation. Auth uses PAT stored in secrets.json — reasonable for a security tool. The skill targets a niche audience (Caido web security testing users) but delivers deep integration for that audience.

Watch Out

Requires Caido instance running and PAT token configured before use
No runtime verification possible — scripts directory was empty, all functionality depends on external caido-client.ts hosted in the skill repo
Stores tokens in ~/.claude/config/secrets.json — standard for CLI tools but worth noting
HTTPQL has no NOT operator — skill correctly documents this but it's a common mistake

Notes

Well-documented security testing skill with clear architecture. The skill uses official SDK (no raw fetch), has proper auth flow with token caching, and good error handling guidance. Security deductions: PAT token storage in secrets.json (-8), network calls to user's own Caido instance are expected for this tool but still network activity (-5), the skill instructs modifying auth headers and removing CSRF tokens which is the point of a security testing tool but could be misused (-5). No hardcoded credentials, no curl|bash, no exfiltration. Architecture is strong — multi-file SDK structure with clear separation of concerns. Usefulness is limited by Caido's niche audience but very high for that audience.

Information

Repository: skills
Stars: 183
Installs: 0

Trust Score

Overall83

Security82

Code Quality82

Architecture85

Usefulness65

Related Skills

Development Worktree

Create an isolated git worktree for feature work, auto-run project setup, and verify a clean test baseline before development.

Readwise Reader Document Management

Manage Readwise Reader documents: list, save, search, move, tag, highlight, export and bulk-edit via official and custom CLIs.

Bounty Hunter — Atlas

Persona skill: 'Atlas' — a profit-focused developer persona for discovering, evaluating and executing paid bounties or freelance tasks with ROI-aware workflows.

TradeOS

Natural-language driven CEX trading and portfolio management for agents: API key vaulting, multi-exchange orders, DCA, arbitrage scanning, alerts and security r

Full Stack Builder

End-to-end builder that scaffolds, implements, tests, and optionally deploys web and API applications from a natural-language specification.

ezBookkeeping API Tools

Command-line API tools for ezBookkeeping: record and query transactions, retrieve accounts/categories/tags, and fetch exchange rates for self-hosted personal fi

Feishu Voice Sender

Convert MP3s and send them as native Feishu voice messages (playable voice clips) to users or groups.

StateTree Behavior

Tools to create, inspect, and edit Unreal Engine StateTree assets (hierarchical state machines) and Blueprint task workflows.

Back to Skills