ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AWI

v0.1.0

AWI (Agentic Web Interface) — 联网读取+搜索,单二进制零配置。 三级自动降级:直连 → 智能适配 → 浏览器渲染。 不需要 API Key,不需要 Docker。

0· 343·2 current·2 all-time
by@jzocb
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Agentic Web Interface — read + search) align with the declared requirement of an 'awi' binary and the runtime examples (awi read, awi search). No unrelated credentials, config paths, or binaries are requested.
Instruction Scope
SKILL.md instructs the agent to run the awi CLI for reading and searching web content and provides an install command. It does not ask the agent to read unrelated files, environment variables, or transmit local data to unexpected endpoints. Allowed tool 'exec' is appropriate for invoking the binary.
Install Mechanism
The included install script downloads a release binary from the project's GitHub releases (HTTPS) into ${HOME}/bin and makes it executable — this is typical for a small CLI. The script does not verify checksums or signatures of the binary, which is a moderate integrity/traceability omission to be aware of.
Credentials
No environment variables, credentials, or config paths are required. The skill does not request unrelated secrets or system-level access.
Persistence & Privilege
The skill is not forced-always, does not request elevated or cross-skill config changes, and installs only to the user's ${HOME}/bin. Autonomous model invocation remains enabled (default) but this is expected behavior and not an additional privilege.
Assessment
This skill is internally consistent with a small CLI that reads web pages and performs DuckDuckGo searches. Before installing: (1) Confirm the GitHub repository and release page (https://github.com/jzOcb/awi) are legitimate and match the project you expect. (2) Prefer building from source or verify release checksums/signatures if you need higher assurance — the install script does not verify integrity beyond HTTPS download. (3) Note the binary will run network requests (expected for a web reader); if you need containment, test it in a sandbox or restricted environment. (4) If you expect continuous autonomous use, remember the agent may invoke the installed binary when permitted — that is normal but something to consider for sensitive environments.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ephqmkp6wg8bktpxpfdnw3n82733dreadervk97ephqmkp6wg8bktpxpfdnw3n82733dsearchvk97ephqmkp6wg8bktpxpfdnw3n82733dutilityvk97ephqmkp6wg8bktpxpfdnw3n82733dwebvk97ephqmkp6wg8bktpxpfdnw3n82733d

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌐 Clawdis
Binsawi

Comments