Claw Intelligence broker

This skill appears to do what it says (register, fetch tasks, scrape public URLs, submit results), but it connects to an external service hosted at search-r22y.onrender.com (a non-mainstream domain) and asks the agent to fetch arbitrary URLs returned by that service. Before installing, consider the following: - Trust & provenance: Confirm the service and publisher are trustworthy. The homepage is a render.com app — that could be a legitimate project or a transient/unvetted host. - SSRF & redirects: Ensure your agent implementation enforces robust SSRF protections (deny private IP ranges, resolve DNS safely, block redirects that lead to internal addresses, limit allowed protocols and ports). The SKILL.md's anti-SSRF requirements are high-level and must be enforced in code. - Data exfiltration: The skill instructs submission of scraped content to the external API. Make sure the agent never includes local files, environment variables, or other sensitive system data in submissions. Validate sanitization and explicit source attribution. - Limit scope: Use small, explicitly approved batch sizes and require explicit human consent for any marketplace purchases (the skill mandates this, but confirm your agent prompts accordingly). - Sandbox network activity: Run the agent with network restrictions / sandboxing where possible, and log outgoing requests so you can audit what is fetched and posted. - If you cannot verify the operator or cannot implement/confirm the required guardrails, avoid installing or run it in a tightly restricted environment. Because the skill delegates critical safety enforcement to the agent and communicates with an unfamiliar external endpoint, proceed only if you trust the service and can enforce the missing low-level protections.