Web Learner
v1.0.0自主上网学习技能 - 让 AI 能够主动搜索、浏览和从互联网获取知识。当用户要求了解最新信息、学习新知识、查询新闻、获取某个主题的详细信息,或需要从网络上获取数据时触发此技能。
⭐ 1· 3.2k·33 current·34 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name and description match the runtime instructions: the SKILL.md explicitly instructs using web_search, web_fetch, and browser tools to perform searches, fetch pages, and render JS-heavy pages. There are no unrelated binaries, credentials, or config paths requested by the skill itself.
Instruction Scope
Instructions stay within the web-retrieval scope (search, fetch, browser). They reference concrete sources (news sites, wttr.in) and require citing sources. A small ambiguity: guidance to "处理反爬虫和登录限制" (handle anti-scraping and login restrictions) is high-level and could be interpreted broadly — the skill does not explicitly instruct bypassing authentication, but this wording could lead an agent to attempt aggressive techniques unless constrained. The SKILL.md also notes web_search requires a Brave API key, but the skill does not declare or request that key.
Install Mechanism
No install spec and no code files — instruction-only. Nothing will be written to disk or fetched by the skill itself.
Credentials
The skill declares no required environment variables or credentials. It does note that some tools (web_search) need a Brave API key and the browser tool needs a running service; those are tool-level requirements rather than skill-level secrets. There are no unexpected secret requests in the skill files.
Persistence & Privilege
always:false and user-invocable:true. The skill does not request permanent presence or attempt to modify agent/system config. Autonomous invocation (disable-model-invocation:false) is the platform default and not a special privilege here.
Assessment
This skill is internally consistent and lightweight (instruction-only). Before installing: (1) confirm how your agent/platform provides the web_search/web_fetch/browser tools and what credentials they require (e.g., Brave API key) — the skill mentions these but doesn't request them; (2) decide whether you want the agent to attempt fetching content behind logins or anti-bot protections and, if not, restrict or clarify that behavior; (3) be mindful of privacy when asking it to fetch URLs or user-specific pages (don’t provide account credentials unless you trust the tool chain); and (4) verify the browser service (if used) runs in a secure, sandboxed environment to avoid exposing local resources.Like a lobster shell, security has layers — review code before you run it.
latestvk97ckgrv1py4htztkdt3chmxe981s2se
License
MIT-0
Free to use, modify, and redistribute. No attribution required.