Markdown Browser
v0.1.0Wrapper skill for OpenClaw web_fetch results. Use when you need MECE post-processing on fetched pages: policy decision from Content-Signal, privacy redaction...
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description describe a wrapper for OpenClaw web_fetch results. The included code implements exactly that: it accepts a web_fetch JSON, normalizes content (markdown/html/text), parses a Content-Signal header to decide policy_action, and redacts URL components. No unrelated credentials, binaries, or system resources are required.
Instruction Scope
SKILL.md instructs callers to call the official web_fetch and pass its JSON into this wrapper. The implementation follows that contract (no direct HTTP calls, reads only the provided web_fetch_result and optional headers, outputs normalized JSON). The wrapper only reads stdin or a specified input file and does not access other files or environment variables.
Install Mechanism
No install spec in the registry (instruction-only), but package.json declares a dependency on the npm package 'turndown'. The SKILL.md recommends running 'npm install' in the skill directory to satisfy that dependency. This is a standard, low-risk mechanism but does involve fetching a third-party npm package (audit if you require stronger supply-chain guarantees).
Credentials
The skill declares no required environment variables, credentials, or config paths. The code does not read environment credentials. It only processes input JSON and optional header strings; the set of requested inputs is minimal and proportional to the described functionality.
Persistence & Privilege
The skill does not ask for persistent presence (always:false) and does not modify system- or other-skill configuration. It is a local processing wrapper and does not attempt to persist credentials or escalate privileges.
Assessment
This skill appears coherent and limited in scope: it processes an existing web_fetch JSON, normalizes text, computes a simple policy decision from a Content-Signal header, and redacts URL parts. Things to consider before installing: (1) npm install will fetch the 'turndown' package from the public registry—audit that dependency if you need supply-chain assurance; (2) redaction is heuristic: query values are replaced with '[redacted]' for parameter names that match a short sensitive list and '[masked]' otherwise—this may not catch all secrets, so don’t rely on it as a perfect sanitizer; (3) the policy decision logic is simple (ai-input yes/no/other -> allow/block/needs_review) and depends on correctly-formed headers; malformed headers may yield 'needs_review'; (4) the skill does not make network requests itself, but it will output whatever is in the supplied web_fetch_result, so ensure the source of that JSON is trusted. Overall the skill is internally consistent with its stated purpose.Like a lobster shell, security has layers — review code before you run it.
latest
Markdown Browser Skills
This skill is an orchestration layer, not a replacement fetcher. It always keeps official web_fetch as the fetch source of truth.
MECE Architecture
- Fetch layer (official, exclusive)
- Use OpenClaw
web_fetchto retrieve the page. - Do not call direct HTTP fetch inside this skill for normal operation.
- Policy layer (these skills)
- Parse
Content-Signaland computepolicy_action. - Current action focuses on
ai-inputsemantics:allow_input,block_input,needs_review.
- Privacy layer (these skills)
- Redact path/fragment/query values in output URL fields.
- Keep URL shape useful for debugging without leaking sensitive values.
- Normalization layer (these skills)
- If
contentType=text/markdown, keep content as-is. - If
contentType=text/html, convert withturndownas fallback enhancement. - For other content types, pass through text.
Execution Order
- Call official
web_fetch. - Pass the result JSON into this wrapper.
- Optionally pass
Content-Signalandx-markdown-tokensheader values if available. - Use the returned normalized object for downstream agent logic.
Wrapper Tool
process_web_fetch_result({ web_fetch_result, content_signal_header, markdown_tokens_header })
Input:
web_fetch_result(required): JSON payload returned by OpenClawweb_fetch.content_signal_header(optional): rawContent-Signalheader string.markdown_tokens_header(optional): rawx-markdown-tokensheader value.
Output:
contentformat(markdown|html-fallback|text)token_estimate(number | null)content_signalpolicy_actionsource_url(redacted)status_codefallback_used
CLI Usage
# Install runtime dependency once inside the skill directory
npm install --omit=dev
# 1) Obtain a web_fetch payload first (from OpenClaw runtime)
# 2) Save it as /tmp/web_fetch.json
# 3) Run wrapper post-processing
node browser.js \
--input /tmp/web_fetch.json \
--content-signal "ai-input=yes, search=yes, ai-train=no" \
--markdown-tokens "1820"
Comments
Loading comments...
