ClawHub

Markdown Browser

v0.1.0

Wrapper skill for OpenClaw web_fetch results. Use when you need MECE post-processing on fetched pages: policy decision from Content-Signal, privacy redaction...

0· 493·0 current·0 all-time
by@johnortegahyc
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe a wrapper for OpenClaw web_fetch results. The included code implements exactly that: it accepts a web_fetch JSON, normalizes content (markdown/html/text), parses a Content-Signal header to decide policy_action, and redacts URL components. No unrelated credentials, binaries, or system resources are required.
Instruction Scope
SKILL.md instructs callers to call the official web_fetch and pass its JSON into this wrapper. The implementation follows that contract (no direct HTTP calls, reads only the provided web_fetch_result and optional headers, outputs normalized JSON). The wrapper only reads stdin or a specified input file and does not access other files or environment variables.
Install Mechanism
No install spec in the registry (instruction-only), but package.json declares a dependency on the npm package 'turndown'. The SKILL.md recommends running 'npm install' in the skill directory to satisfy that dependency. This is a standard, low-risk mechanism but does involve fetching a third-party npm package (audit if you require stronger supply-chain guarantees).
Credentials
The skill declares no required environment variables, credentials, or config paths. The code does not read environment credentials. It only processes input JSON and optional header strings; the set of requested inputs is minimal and proportional to the described functionality.
Persistence & Privilege
The skill does not ask for persistent presence (always:false) and does not modify system- or other-skill configuration. It is a local processing wrapper and does not attempt to persist credentials or escalate privileges.
Assessment
This skill appears coherent and limited in scope: it processes an existing web_fetch JSON, normalizes text, computes a simple policy decision from a Content-Signal header, and redacts URL parts. Things to consider before installing: (1) npm install will fetch the 'turndown' package from the public registry—audit that dependency if you need supply-chain assurance; (2) redaction is heuristic: query values are replaced with '[redacted]' for parameter names that match a short sensitive list and '[masked]' otherwise—this may not catch all secrets, so don’t rely on it as a perfect sanitizer; (3) the policy decision logic is simple (ai-input yes/no/other -> allow/block/needs_review) and depends on correctly-formed headers; malformed headers may yield 'needs_review'; (4) the skill does not make network requests itself, but it will output whatever is in the supplied web_fetch_result, so ensure the source of that JSON is trusted. Overall the skill is internally consistent with its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dmfv9wy91kfqzkb83k3tfvd81cysy
493downloads
0stars
1versions
Updated 1mo ago
v0.1.0
MIT-0
@johnortegahyc
latest
Download

Markdown Browser Skills

This skill is an orchestration layer, not a replacement fetcher. It always keeps official web_fetch as the fetch source of truth.

MECE Architecture

  1. Fetch layer (official, exclusive)
  • Use OpenClaw web_fetch to retrieve the page.
  • Do not call direct HTTP fetch inside this skill for normal operation.
  1. Policy layer (these skills)
  • Parse Content-Signal and compute policy_action.
  • Current action focuses on ai-input semantics: allow_input, block_input, needs_review.
  1. Privacy layer (these skills)
  • Redact path/fragment/query values in output URL fields.
  • Keep URL shape useful for debugging without leaking sensitive values.
  1. Normalization layer (these skills)
  • If contentType=text/markdown, keep content as-is.
  • If contentType=text/html, convert with turndown as fallback enhancement.
  • For other content types, pass through text.

Execution Order

  1. Call official web_fetch.
  2. Pass the result JSON into this wrapper.
  3. Optionally pass Content-Signal and x-markdown-tokens header values if available.
  4. Use the returned normalized object for downstream agent logic.

Wrapper Tool

process_web_fetch_result({ web_fetch_result, content_signal_header, markdown_tokens_header })

Input:

  • web_fetch_result (required): JSON payload returned by OpenClaw web_fetch.
  • content_signal_header (optional): raw Content-Signal header string.
  • markdown_tokens_header (optional): raw x-markdown-tokens header value.

Output:

  • content
  • format (markdown | html-fallback | text)
  • token_estimate (number | null)
  • content_signal
  • policy_action
  • source_url (redacted)
  • status_code
  • fallback_used

CLI Usage

# Install runtime dependency once inside the skill directory
npm install --omit=dev

# 1) Obtain a web_fetch payload first (from OpenClaw runtime)
# 2) Save it as /tmp/web_fetch.json
# 3) Run wrapper post-processing
node browser.js \
  --input /tmp/web_fetch.json \
  --content-signal "ai-input=yes, search=yes, ai-train=no" \
  --markdown-tokens "1820"

Comments

Loading comments...