Stats
Actions
Tags
From genesis-tools
Token-efficient HAR (HTTP Archive) file analysis with reference system. Use when user provides a HAR file, asks to analyze network traffic, debug API calls, investigate HTTP requests/responses, or review web performance. Triggers on "analyze HAR", "HAR file", "network traffic", "HTTP archive", "debug requests", "analyze network", "look at this HAR", or when a .har file path is mentioned. NEVER read HAR files directly with cat/jq - always use this tool.
How this skill is triggered — by the user, by Claude, or both
Slash command
/genesis-tools:analyze-harThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Token-efficient HAR analysis. Uses a **reference system** - large data shown once gets a ref ID, subsequent views show `[ref:ID]` + preview instead of repeating.
Token-efficient HAR analysis. Uses a reference system - large data shown once gets a ref ID, subsequent views show [ref:ID] + preview instead of repeating.
NEVER cat, jq, or directly read a HAR file. Always use tools har-analyzer commands. Raw HAR reading wastes 10-100x more tokens.
1. tools har-analyzer load <file.har> # Parse + dashboard (always start here)
2. tools har-analyzer list --status 4xx # Filter to what matters
3. tools har-analyzer domain <domain> # Drill into specific API
4. tools har-analyzer show e14 # Detail for one entry
5. tools har-analyzer show e14 --raw # Full body/headers if needed
6. tools har-analyzer expand e14.rs.body # Re-show a referenced value
| Command | Purpose | Key Options |
|---|---|---|
load <file> | Parse HAR, show dashboard | |
dashboard | Re-show overview stats | |
list | Compact entry table | --domain --status --method --url --limit |
show <eN> | Entry detail (L2) | --raw --section body|headers|cookies |
expand <ref> | Show full referenced data | --schema [skeleton|typescript|schema] |
domains | List domains with stats | |
domain <name> | Drill-down: paths + body previews | --status --method |
search <query> | Grep across entries | --scope url|body|header|all |
errors | 4xx/5xx focus with body previews | |
waterfall | ASCII timing chart | --domain --limit |
security | Find JWT, API keys, insecure cookies | |
size | Bandwidth breakdown by type | |
headers | Deduplicated header analysis | --scope request|response|both |
redirects | Redirect chain tracking | |
cookies | Cookie flow (set/sent tracking) | |
diff <e1> <e2> | Compare two entries | |
export | Export filtered HAR subset | --sanitize --strip-bodies -o file |
| Flag | Purpose |
|---|---|
--format md|json|toon | Output format (default: md) |
--full | Bypass ref system, show everything |
--include-all | Show CSS/JS/image/font bodies (skipped by default) |
[ref:e14.rs.body] {"users":[...]}[ref:e14.rs.body] {"users":[{"id":1,... (1.8KB)expand <refId> to see full content againe{N}.{rq|rs}.{body|headers|cookies}--full flag bypasses refs entirelyBy default, bodies of static assets are skipped (CSS, JS, images, fonts, WASM). Only JSON, HTML, XML, and plain text bodies are shown. Use --include-all to override.
Understand API shape before expanding full body (token-efficient!):
tools har-analyzer expand e14.rs.body --schema # compact skeleton
tools har-analyzer expand e14.rs.body --schema typescript # TS interfaces
tools har-analyzer expand e14.rs.body # full content only if needed
Debug API errors:
tools har-analyzer load capture.har
tools har-analyzer errors # See all 4xx/5xx
tools har-analyzer show e14 --raw # Full error response
Analyze specific API:
tools har-analyzer domain api.example.com # All requests to that domain
tools har-analyzer domain api.example.com --status 4xx
Find sensitive data:
tools har-analyzer security # JWT, API keys, insecure cookies
Compare working vs failing request:
tools har-analyzer diff e5 e14 # Side-by-side comparison
If configured as MCP server (tools har-analyzer mcp), use MCP tools directly:
har_load, har_overview, har_list, har_detail, har_expand, har_search, har_analyze, har_flow, har_diff, har_export
npx claudepluginhub genesiscz/genesistools --plugin genesis-toolsInspects network requests in Chrome DevTools to debug API calls, HTTP traffic, failed requests, and response data. Includes status code references and analysis workflows.
Analyzes network traffic with Wireshark, including live capture, display filtering, and PCAP examination for security investigations, performance optimization, and troubleshooting.
Analyzes PCAP files with Wireshark and tshark to reconstruct network events, extract artifacts, and identify malicious communications like C2 or data exfiltration.