Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Boxed Fetch
v1.0.0
Lightweight web scraping tool based on WebAssembly sandbox mechanism. Fetches URL content and extracts readable text. Use when you need to fetch webpage cont...
by @guyoung
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description (WASM-based sandboxed web fetcher) match the instructions which download and run a WASM component to fetch pages. However the SKILL.md requires an external 'openclaw-wasm-sandbox' plugin but the skill metadata does not declare that dependency; that mismatch is unexpected and reduces transparency.
Instruction Scope
Instructions are narrowly scoped to downloading a single WASM file and running it with an allowlist of outbound hosts and HTTPS-only URLs. The skill does not request unrelated files, secrets, or system paths. The notable instruction-level risk: it tells the agent to download and execute a remote WASM binary (from raw.githubusercontent.com) which could change over time or contain malicious behavior; the run API delegates sandboxing to an external plugin whose security you must trust.
Install Mechanism
No install spec (instruction-only). The download URL is raw.githubusercontent.com (a common release host), which is better than arbitrary personal servers, but the workflow writes an executable WASM to ~/.openclaw/skills/... and then runs it — this is an external binary being introduced to disk and executed (inside a plugin-provided sandbox). There is no checksum, signature, or pinned release referenced.
Credentials
The skill requests no environment variables, credentials, or system config paths. Examples and options are limited to the API of the wasm-sandbox-run call (wasm file, allowedOutboundHosts, args). No secrets are requested or used in the SKILL.md.
Persistence & Privilege
always is false and the skill is user-invocable. It writes its WASM under ~/.openclaw/skills/boxed-fetch/... which is confined to its own skill directory; it does not claim to change other skills or global agent settings.
What to consider before installing
This skill is coherent with its stated purpose but has two practical concerns you should address before use: (1) it asks you to download and run a remote WASM binary — verify the binary's provenance (use a pinned release, checksum, or signature) and review the repository/owner (the source is a raw GitHub URL and source metadata is 'unknown'); (2) the SKILL.md depends on the 'openclaw-wasm-sandbox' plugin but the skill metadata doesn't declare that dependency — confirm that plugin is present and understand its sandbox guarantees. Also avoid supplying overly broad allowedOutboundHosts (only include exact hosts you trust), prefer inspecting the WASM or running it in an isolated environment first, and ask the publisher for a signed release or checksum if you need higher assurance.
Like a lobster shell, security has layers — review code before you run it.
