ClawHub

Defuddle (kepano)

v1.0.0

Extract clean markdown content from web pages using Defuddle CLI, removing clutter and navigation to save tokens. Use instead of WebFetch when the user provi...

0· 48·0 current·0 all-time
by@hoyaryyj
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The SKILL.md clearly describes using the Defuddle CLI to extract markdown from web pages, which matches the skill name/description. However, the registry metadata lists no required binaries while the instructions require the 'defuddle' CLI (and suggest 'npm install -g defuddle'), so the metadata is missing a declared dependency.
Instruction Scope
Instructions are narrowly scoped to running the defuddle CLI (parse <url> --md and related flags) and saving output; they do not ask the agent to read unrelated files, access extra environment variables, or transmit data to third-party endpoints beyond fetching the provided URL.
Install Mechanism
There is no formal install spec in the skill (instruction-only). SKILL.md recommends installing via 'npm install -g defuddle' — this is a reasonable, common mechanism but relies on an external npm package. Installing packages from public registries carries moderate risk unless the package and publisher are verified.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate for a wrapper around a CLI tool that operates on provided URLs.
Persistence & Privilege
Skill does not request always:true and is user-invocable with standard autonomous invocation allowed. It does not request persistent system-wide privileges or modify other skills' configuration.
Assessment
This skill is coherent: it simply instructs the agent how to use the Defuddle CLI to turn web pages into markdown. Before installing or using it, verify the 'defuddle' npm package and its publisher (npm packages can contain arbitrary code). Consider one of: (1) pre-installing a vetted version of defuddle in the agent environment and add that binary to the agent's allowed list, (2) confirm the npm package's trustworthiness and review its source, or (3) ask the skill author to declare the required binary in the skill metadata so dependency checks can run automatically. If you do not want the agent to run arbitrary global installs or execute external CLIs, do not grant it permission to run the suggested install command.

Like a lobster shell, security has layers — review code before you run it.

content-fetchvk97ehzxsn3v7zycynvtpacmkrd842qafhtmlvk97ehzxsn3v7zycynvtpacmkrd842qaflatestvk97ehzxsn3v7zycynvtpacmkrd842qafobsidianvk97ehzxsn3v7zycynvtpacmkrd842qaf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments