Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Web Intel
v1.0.0网络搜索与信息提取统一入口。整合 content-extraction、Jina Reader、Firecrawl、web-access CDP。自动选最经济工具链。可被 BMW(brand-marketing-workflow)、wealth 子代理等直接调用。
⭐ 0· 39·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (web search + extraction router) match the implementation: it routes to r.jina.ai (Jina Reader), firecrawl CLI, a local web-access CDP proxy, and delegates to a content-extraction handler. No unrelated credentials, binaries, or surprising capabilities are requested.
Instruction Scope
SKILL.md and the CLI script operate within expected boundaries: they call firecrawl, r.jina.ai, and a localhost CDP proxy and import a local content-extraction router. Note that deep mode will access the local CDP (localhost:3456) which can expose pages requiring the user's browser login state — this is expected for the described purpose but is a privacy consideration.
Install Mechanism
No install spec (instruction-only + Python script). No downloads or archive extraction. The skill expects external tools to already exist (firecrawl, web-access). This is low-risk from an install perspective.
Credentials
The skill does not request environment variables, keys, or config paths. It does access local filesystem paths inside the skills workspace and contacts r.jina.ai and localhost:3456 — all proportional to a web-extraction router.
Persistence & Privilege
always is false and the skill does not request permanent platform-wide privileges or modify other skills. It runs when invoked and can be called autonomously by the agent (normal default).
Assessment
This skill appears coherent with its stated role as a router between local tools and r.jina.ai. Before enabling it: (1) Confirm you trust the installed firecrawl binary and understand what network calls it performs, since the script invokes it via subprocess. (2) Be aware that deep mode will use a local CDP proxy (localhost:3456) and therefore can read pages that require your browser's login/session state — only enable deep-mode usage if you trust the web-access CDP proxy and the skill. (3) Verify the presence and integrity of the referenced skills/content-extraction scripts in your workspace; if those are missing the skill will degrade but still run other backends. (4) If you have strong privacy requirements, test the script in a sandboxed environment first to observe network calls and outputs.Like a lobster shell, security has layers — review code before you run it.
browservk97ehd69eg1fak9rfw5cqb45n583xyejcdpvk97ehd69eg1fak9rfw5cqb45n583xyejcompetitorvk97ehd69eg1fak9rfw5cqb45n583xyejextractionvk97ehd69eg1fak9rfw5cqb45n583xyejfinancevk97ehd69eg1fak9rfw5cqb45n583xyejfirecrawlvk97ehd69eg1fak9rfw5cqb45n583xyejjinavk97ehd69eg1fak9rfw5cqb45n583xyejlatestvk97ehd69eg1fak9rfw5cqb45n583xyejroutingvk97ehd69eg1fak9rfw5cqb45n583xyejsearchvk97ehd69eg1fak9rfw5cqb45n583xyej
License
MIT-0
Free to use, modify, and redistribute. No attribution required.