ClawHub

Web Distiller

v0.1.0

Fetch agent-ready cleaned Markdown from the Distiller API instead of relying on raw webpage fetches.

0· 102·0 current·0 all-time
by@edwardyen724-g
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill name/description (fetch cleaned Markdown from Distiller) matches what the SKILL.md instructs (POST /markdown, optional /distill, batch endpoints). The only required environment variables (DISTILLER_API_BASE and a primary API key) align with a typical API integration.
Instruction Scope
SKILL.md limits runtime actions to calling the Distiller endpoints, guiding operators to the dashboard for an API key, and polling batch jobs. It does not instruct reading unrelated host files, other env vars, or sending data to unknown endpoints; the external endpoints mentioned are consistently under webdistiller.dev.
Install Mechanism
This is an instruction-only skill (no install spec or code files). SKILL.md suggests 'pip install web-distiller' but the registry bundle contains no install spec or package provenance. This is not necessarily malicious, but you should verify the pip package identity/source before running it.
Credentials
Only DISTILLER_API_BASE and a primary API key are requested, which is proportional for a remote-API integration. No unrelated secrets or config paths are requested.
Persistence & Privilege
The skill is not always-on and does not request system-wide configuration or elevated privileges. It is user-invocable and allows autonomous invocation by default, which is the platform norm.
Assessment
This skill appears coherent for calling a hosted Distiller API, but before installing or using it: 1) Verify the webdistiller.dev service is the legitimate provider you expect (check official site or vendor docs). 2) If you plan to run the suggested 'pip install web-distiller', locate the package on PyPI or the vendor's source repo and inspect its provenance and code before installing. 3) Treat DISTILLER_API_KEY as a secret: provide it only if you trust the service and understand what web content will be sent to that API (avoid sending private/internal pages). 4) If you need stronger isolation, create a dedicated API key with limited scope or run the integration in a sandbox. 5) If you require assurance about billing or data retention (distill vs markdown, batch jobs), confirm the product's pricing/terms before enabling paid endpoints.

Like a lobster shell, security has layers — review code before you run it.

latestvk97df5qmp36q4n425fzbtnvfe183fc9e

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvDISTILLER_API_BASE
Primary envDISTILLER_API_KEY

Comments