Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Amber Url To Markdown

v4.0.3

Intelligent URL-to-Markdown tool (V4.0 extensible architecture). **Supports an auto-trigger Hook**: when a user sends a URL, the content is fetched automatically and converted to Markdown. Built on an extensible, category-based handler architecture with support for sites such as Doubao, WeChat Official Accounts, Zhihu and Juejin.

1· 178·1 current·1 all-time
by Amber03@lsa03
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description (URL → Markdown, auto-trigger Hook) matches the code and docs: handlers, fetchers, parser, and a Hook handler are present. However, metadata claims 'no required binaries/env/config', while SKILL.md and hook docs clearly require python3, various Python packages, and Playwright (chromium). The manifest omission (no required binaries/config paths) is an inconsistency to be aware of.
Instruction Scope
Runtime instructions and Hook docs instruct the agent/system to listen to message:received, detect URLs, and asynchronously run python3 scripts that fetch pages, download images, persist browser contexts, and save output under /root/openclaw/... . The Hook description explicitly documents using child_process.exec to invoke scripts. The skill also documents manual cookie injection for protected sites (doubao), which instructs the user to copy full Cookie headers into code — this is sensitive behavior and expands scope to handling secrets. The Hook is configured to trigger on all messages matching URL patterns/keywords unless users customize whitelists.
Install Mechanism
No install spec is provided to the platform (instruction-only), which means nothing is automatically written during install — lower platform install risk. However, the repository includes many Python scripts and the SKILL.md requires installing Python packages and Playwright and running 'playwright install chromium'. That imposes significant runtime dependencies that must be installed manually; the lack of declared required binaries in registry metadata is a mismatch.
Credentials
The skill declares no required env vars or config paths, but the code/docs reference writing persistent browser context and cookies to /root/openclaw/skills/.../doubao_user_data/ and outputs to /root/openclaw/urltomarkdown/. The DOUBAO_SETUP instructs users to paste full Cookie header values directly into script headers (sensitive credentials). Although no cloud credentials are requested, the practice of storing session cookies and instructing users to inject them into scripts is disproportionate and risky for secret handling.
Persistence & Privilege
always:false and no special platform privileges are requested. The skill uses the Hooks system to run asynchronously on message events; autonomous invocation is allowed by default and this skill's Hook design increases its blast radius (it can automatically fetch arbitrary URLs from messages). The skill writes files and persistent browser state under /root/openclaw; that is normal for a local scraping tool but users should be aware that data (including cookies) will be stored on disk.
What to consider before installing
This skill is functionally consistent with a URL→Markdown scraper, but has several operational and privacy concerns. Before installing or enabling the auto-trigger Hook:
1) Review the included scripts (especially fetcher/handlers and the Hook handler) in a safe environment to ensure nothing sends data to unexpected remote endpoints.
2) Avoid pasting cookies or other sensitive tokens into code; prefer using a browser persistent context created via manual login if needed, and store any credentials securely (not hard-coded).
3) Restrict the Hook triggers (enable only pure-URL or limit allowed domains) so it doesn't automatically fetch internal or private links.
4) Install and run Playwright and all dependencies in an isolated/sandboxed environment (container or VM), and inspect the files written to /root/openclaw/urltomarkdown and the doubao_user_data directory.
5) If you plan to enable automatic Hook execution, test with non-sensitive, public URLs first and monitor logs/output.
These actions will reduce the risk of accidental credential exposure or unwanted automatic scraping.
hooks/url-auto-fetch/handler.ts:84 — Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
