Safe-Web

v1.0.8

Securely fetch and search web content by scanning and blocking prompt injection threats using PromptGuard before returning results.

⭐ 1· 1.5k·0 current·0 all-time

by@adamnaghs

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for adamnaghs/safe-web.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Safe-Web" (adamnaghs/safe-web) from ClawHub.
Skill page: https://clawhub.ai/adamnaghs/safe-web
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install safe-web

ClawHub CLI

Package manager switcher

npx clawhub@latest install safe-web

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name and behavior align: the tool fetches HTML, extracts text, and scans with PromptGuard. Declared requirements (python3, prompt-guard, requests, beautifulsoup4, optional BRAVE_API_KEY) match the implemented functionality. No unrelated credentials or binaries are requested.

ℹ

Instruction Scope

SKILL.md and README contain only fetch/search/scanning instructions and install guidance. They do recommend creating a system symlink (/usr/local/bin) and suggest disabling native web_fetch/web_search in OpenClaw config to force use of safe-web — these are user-facing operational changes (not automatically performed) and are reasonable for a drop-in replacement but worth reviewing before applying. The pre-scan flag ('ignore-previous-instructions') appears in the docs as an example of an attack pattern, not as an instruction to the agent.

ℹ

Install Mechanism

Install uses pip to install standard packages and an editable install of a local PromptGuard workspace. This is a common approach for Python-based tools, but pip installs (and the SKILL.md's use of --break-system-packages) can modify system Python state — consider using a virtualenv or container to avoid impacting the host environment. No arbitrary remote download or obfuscated installer was observed.

✓

Credentials

Only one optional environment variable (BRAVE_API_KEY) is referenced and justified for search functionality. The code does not request other secrets or config paths. skill.json declares python3 and dependency on prompt-guard, which are appropriate.

✓

Persistence & Privilege

The skill does not request always:true and does not attempt to modify other skills or agent configuration automatically. It recommends (but does not force) disabling native tools and creating a symlink; those are user actions and not implicit privileges.

Scan Findings in Context

[ignore-previous-instructions] expected: The SKILL.md/README describe prompt-injection patterns (including 'ignore previous instructions') as examples of threats to detect. This is a documentation occurrence, not an instruction to the agent or evidence of malicious intent.

Assessment

This skill appears coherent and implements what it claims: fetching HTML, extracting text, and scanning with PromptGuard. Before installing: 1) Review and trust the PromptGuard dependency (it's the core scanner); 2) Prefer a virtualenv/container rather than system-wide pip installs or --break-system-packages to avoid altering host Python; 3) Be cautious before creating a system symlink or disabling native web tools — those change system behavior and may affect other workflows; 4) Only provide BRAVE_API_KEY if you need search functionality and trust the environment; 5) If you want extra assurance, inspect the prompt-guard code and run safe-web in an isolated environment to confirm no unexpected network exfiltration. The pre-scan injection flag in the docs is explanatory, not an active instruction.

Like a lobster shell, security has layers — review code before you run it.

latestvk978w3x6y1pjq93pj6gqa4ch6d80za0r

1.5kdownloads

1stars

9versions

Updated 2mo ago

v1.0.8

MIT-0

safe-web

Secure web fetch and search with PromptGuard scanning.

Status

✅ Working

Purpose

Protects against prompt injection attacks hidden in web content before returning it to the AI. Wraps web fetching and searching with security scanning.

Installation

Requires PromptGuard and Python dependencies:

# Install PromptGuard first
cd /home/linuxbrew/.openclaw/workspace/skills/prompt-guard
pip3 install --break-system-packages -e .

# Install web dependencies (if not present)
pip3 install --break-system-packages requests beautifulsoup4

Usage

Fetch Command

Fetch a URL and scan the content:

# Basic fetch
safe-web fetch https://example.com/article

# Save to file
safe-web fetch https://example.com --output article.txt

# JSON output for automation
safe-web fetch https://example.com --json

# Strict mode (block on MEDIUM)
safe-web fetch https://example.com --strict

Search Command

Search the web and scan results:

# Basic search
safe-web search "AI safety research"

# More results
safe-web search "stock market news" --count 10

# JSON output
safe-web search "machine learning" --json

Exit Codes

Code	Meaning
0	Success - content/results are clean
1	Error (network, parsing, etc.)
2	Threat detected - content blocked

Configuration

Environment Variables

BRAVE_API_KEY - API key for Brave Search (optional, enables search command)
- Get one at: https://brave.com/search/api/

Symlink (Recommended)

Create a system-wide symlink so safe-web works from any directory:

sudo ln -s /home/linuxbrew/.openclaw/workspace/skills/safe-web/scripts/safe-web.py /usr/local/bin/safe-web

After creating the symlink, you can use safe-web directly without specifying the full path.

How It Works

Fetch Flow

Downloads URL content with requests
Extracts text using BeautifulSoup (removes scripts, styles)
Scans extracted text with PromptGuard
Returns clean content or blocks with SHIELD report

Search Flow

Queries Brave Search API (requires API key)
Scans each result title and description
Filters out suspicious results
Returns only clean results

Security Model

Fail-closed: If PromptGuard cannot be loaded or scanning fails, the tool reports an error rather than returning unverified content.

Content sanitization: HTML is parsed and scripts/styles are removed before scanning to reduce false positives.

No execution: This tool only fetches and scans. It never executes JavaScript or runs commands found in web content.

Example Output

Clean Fetch

Fetching: https://site.com/article
Fetched 1523 characters
Scanning with PromptGuard...

Article content here...

Blocked Content

Fetching: https://suspicious-site.com
Fetched 2048 characters
Scanning with PromptGuard...
============================================================
🛡️  SAFE-WEB SECURITY ALERT
============================================================
Source: https://suspicious-site.com
Severity: CRITICAL
Action: BLOCK_NOTIFY
Patterns Matched: 8

Detected Patterns:
  - instruction_override_en
  - role_manipulation_en
  - system_impersonation_en
============================================================

Content from https://suspicious-site.com has been blocked.

Search Results

Searching: AI research
Found 5 results, scanning...

Showing 3 clean results:

1. Latest AI Research Papers
   URL: https://arxiv.org/list/ai/recent
   Recent submissions in artificial intelligence...

2. AI Safety Institute
   URL: https://www.safe.ai/
   Research and development for safe AI systems...

When to Use

Use safe-web when:

Fetching content from untrusted URLs
Scraping web pages for analysis
Searching and processing web results
Any web content will enter the AI context window

Use standard web_fetch/web_search tools only for:

Trusted, known-safe domains
Internal documentation sites
When you explicitly want to bypass scanning

Comparison with Native Tools

Feature	Native `web_fetch`	`safe-web fetch`
Fetches HTML	✅	✅
Extracts text	✅	✅
Injection scanning	❌	✅
JSON output	✅	✅
Save to file	❌	✅
Exit codes	0/1	0/1/2 (security)

Dependencies

Python 3.8+
PromptGuard 3.1.0+ (installed in workspace)
requests
beautifulsoup4
Brave Search API key (for search command)

Limitations

Search requires Brave API key (free tier available)
Fetch does not execute JavaScript (static HTML only)
Large pages may be truncated during text extraction
Network timeouts default to 30 seconds

Comments

Loading comments...