Safe Web Fetch for Save Token
Review
Audited by ClawScan on May 10, 2026.
Overview
This web-fetch skill is mostly purpose-aligned, but its code appears to undercut some of its strongest safety claims around SSL, sensitive-data checks, and SSRF protection.
Review before installing. The skill is not clearly malicious, but avoid using it for sensitive, authenticated, internal, or token-bearing URLs until its SSL, sensitive-data, and redirect-handling claims are corrected and verified.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may trust the skill to avoid insecure or sensitive fetches, while the main fetch path can still send URLs and retrieved content through Jina without the advertised local sensitive-data screening.
The skill advertises forced SSL verification and sensitive-data detection, but its primary Jina path strips the scheme from the target URL and asks Jina Reader to fetch it as http://, so an https:// target is downgraded before it ever leaves the agent, and the call that fetches the Jina result passes check_sensitive=False, so neither the forwarded URL nor the returned content receives the advertised local sensitive-data screening.
clean_url = original_url.replace('https://', '').replace('http://', '')
jina_url = f"https://r.jina.ai/http://{clean_url}"
...
result = fetch_url_direct(jina_url, config, check_sensitive=False)
Do not use this skill for private, authenticated, token-bearing, or sensitive URLs unless the implementation is changed to preserve HTTPS target semantics, inspect URL/query secrets before third-party routing, and accurately document what is and is not scanned.
A public URL that redirects to a private or internal address could potentially bypass the initial SSRF checks during direct fallback fetching.
The visible code validates the original URL once, before fetching, and then hands the request to urllib's normal opening path. urllib follows HTTP redirects automatically through its default redirect handler, so a 3xx pointing at 127.0.0.1, a 10.0.0.0/8 address, or a hostname that resolves to one is followed without ever passing through validate_url; the shown implementation does not revalidate any intermediate or final URL after redirects, despite claiming SSRF protection.
is_valid, error = validate_url(original_url, config)
...
with urllib.request.urlopen(req, timeout=config['timeout'], context=ssl_context) as response:
Validate every redirect target before following it (by resolving its hostname and rejecting loopback, private, link-local and other non-public addresses, not by string-matching the URL), enforce the configured max_redirects, and re-check the final resolved hostname/IP before returning content.
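The following is an added example written for this review, not code from the skill or from ClawScan. It shows what the two findings above ask for in one fetch path: a validate_url that resolves the host and rejects non-public addresses, a urllib redirect handler that re-runs that check on every redirect target and honours max_redirects, a final re-check after the response arrives, a local screen for credential-looking URL parts before anything is routed through a third party, and a Jina URL built without the http:// downgrade. The names CONFIG, validate_url, fetch_url_direct and build_jina_url mirror identifiers visible in the review but are reimplemented here as assumptions, as is the assumption that Jina Reader accepts the full target URL (scheme included) after the r.jina.ai/ prefix.

```python
import ipaddress
import socket
import urllib.error
import urllib.parse
import urllib.request

CONFIG = {"timeout": 10, "max_redirects": 3}  # constructed stand-in for the skill's config
# Broad, heuristic hints: a credential-looking URL is refused locally, not sent to a third party.
SECRET_PARAM_HINTS = ("token", "secret", "password", "passwd", "apikey", "api_key",
                      "api-key", "auth", "session", "signature")


def assert_public_host(hostname):
    """Resolve hostname; reject loopback, private, link-local (incl. 169.254.169.254) answers."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except socket.gaierror as exc:
        raise ValueError(f"cannot resolve {hostname}: {exc}")
    for info in infos:
        ip = ipaddress.ip_address(info[4][0].split("%")[0])  # strip any IPv6 scope id
        ip = getattr(ip, "ipv4_mapped", None) or ip  # ::ffff:127.0.0.1 is still loopback
        if not ip.is_global:
            raise ValueError(f"{hostname} resolves to non-public address {ip}")


def validate_url(url, config):
    """(is_valid, error) as in the skill, but the host is actually resolved and checked."""
    parts = urllib.parse.urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"unsupported scheme {parts.scheme!r}"
    if not parts.hostname or parts.username or parts.password:
        return False, "missing hostname or credentials embedded in URL"
    try:
        assert_public_host(parts.hostname)
    except ValueError as exc:
        return False, str(exc)
    return True, None


def url_secret_findings(url):
    """Query parameters (and 'userinfo') that look like credentials; run before routing via Jina."""
    parts = urllib.parse.urlsplit(url)
    hits = [name for name, _ in urllib.parse.parse_qsl(parts.query, keep_blank_values=True)
            if any(hint in name.lower() for hint in SECRET_PARAM_HINTS)]
    if parts.username or parts.password:
        hits.append("userinfo")
    return hits


def build_jina_url(original_url):
    """Keep the target's own scheme (assumes Jina accepts the full URL after the r.jina.ai/ prefix)."""
    if urllib.parse.urlsplit(original_url).scheme not in ("http", "https"):
        raise ValueError("only http(s) targets can be routed through Jina")
    return "https://r.jina.ai/" + original_url


class ValidatingRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Re-run validate_url on every redirect target before urllib follows it."""

    def __init__(self, config):
        super().__init__()
        self.config = config
        self.max_redirections = config["max_redirects"]  # urllib enforces this count per request

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        target = urllib.parse.urljoin(req.full_url, newurl)  # relative Location headers happen
        ok, err = validate_url(target, self.config)
        if not ok:
            raise urllib.error.HTTPError(req.full_url, code, f"blocked redirect to {target}: {err}", headers, fp)
        return super().redirect_request(req, fp, code, msg, headers, target)


def check_redirect(from_url, to_url, config=CONFIG):
    """Offline helper: would the handler follow from_url -> to_url? Returns (allowed, detail)."""
    try:
        new_req = ValidatingRedirectHandler(config).redirect_request(
            urllib.request.Request(from_url), None, 302, "Found", {}, to_url)
    except urllib.error.HTTPError as exc:
        return False, exc.msg
    return True, new_req.full_url


def fetch_url_direct(url, config):
    """Validate, fetch with validated redirects (the default HTTPSHandler verifies certificates and
    hostnames), then re-check the final URL. A DNS-rebinding window between check and connect remains."""
    ok, err = validate_url(url, config)
    if not ok:
        raise ValueError(err)
    opener = urllib.request.build_opener(ValidatingRedirectHandler(config))
    with opener.open(url, timeout=config["timeout"]) as resp:
        final_url = resp.geturl()
        ok, err = validate_url(final_url, config)
        if not ok:
            raise ValueError(f"final URL {final_url} rejected: {err}")
        return final_url, resp.read().decode("utf-8", "replace")


def safe_fetch(original_url, config=CONFIG):
    """Screen the URL locally, validate it, then route via Jina without a scheme downgrade."""
    secrets = url_secret_findings(original_url)
    if secrets:
        raise ValueError(f"refusing to send credential-like URL parts to a third party: {secrets}")
    ok, err = validate_url(original_url, config)
    if not ok:
        raise ValueError(err)
    return fetch_url_direct(build_jina_url(original_url), config)
```

validate_url, url_secret_findings, build_jina_url and check_redirect run without network, so the blocking behaviour can be exercised offline: check_redirect("http://8.8.8.8/", "http://127.0.0.1/admin") is refused while a relative "/login" on the same public host is followed. The remaining gap a practitioner should know about is DNS rebinding between the validation lookup and urllib's own connect; closing it means connecting to the validated IP and sending the original Host header, which urllib does not do for you.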
URLs and fetched web content may be processed outside the local agent environment.
The skill clearly discloses that it uses the external Jina Reader service to fetch and clean pages; this is purpose-aligned but means requested URLs and page content may be handled by a third party.
Automatically uses Jina Reader to fetch clean Markdown
Use this only for public or non-sensitive pages, and configure an allowlist if you want to restrict which domains can be fetched.
