Back to skill
Skillv1.0.0
ClawScan security
Fetch · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 12, 2026, 7:53 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and resource requirements are consistent with its stated purpose (fetching public URLs and storing cleaned + raw results locally); nothing indicates stealthy exfiltration or unrelated privileges.
- Guidance
- This skill appears coherent and self-contained. Before installing: (1) review and, if desired, run the included scripts locally to confirm behavior; (2) be cautious when fetching untrusted URLs — large responses are not size-limited and raw HTML may contain sensitive data you wouldn't want stored locally; (3) confirm you are comfortable with files being created under ~/.openclaw/workspace/memory/fetch. No credentials or external uploads are requested by the skill.
Review Dimensions
- Purpose & Capability
- okName/description (public fetch + clean + local save) align with the provided scripts: fetch_url.py performs an HTTP(S) GET, extract.py cleans/extracts title/links, and storage writes files under ~/.openclaw/workspace/memory/fetch. There are no requests for unrelated credentials or services.
- Instruction Scope
- okSKILL.md instructions match the scripts' behavior: they require python3, operate on public URLs, store data locally, and offer list/show/save workflows. The scripts do not read other system files, contact endpoints beyond the target URL, or perform browser automation. Minor note: extracted links are returned as-is (may include non-http schemes) and large downloads are not size-limited.
- Install Mechanism
- okNo install spec and no external package downloads — the skill is delivered as scripts and uses only Python stdlib. This is the lowest-risk install model.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths beyond writing to its own ~/.openclaw workspace. Declared runtime constraints (no cookies, no logins) match the code.
- Persistence & Privilege
- okalways is false; the skill does not request permanent/global agent privileges or modify other skills. It writes only to its own workspace directory and job file.