Google Web Fonts

PassAudited by VirusTotal on May 4, 2026.

Overview

Type: OpenClaw Skill Name: google-web-fonts Version: 1.0.0 The skill bundle is purely informational documentation for an AI agent on how to use the legitimate Google Fonts API. It contains no executable code, no suspicious network requests, and no evidence of prompt injection or malicious intent in SKILL.md.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note

ASI07: Insecure Inter-Agent Communication

What this means

If private or user-specific text is included in a Google Fonts URL, that text may be visible to Google and in logs or browser/network history.

Why it was flagged

The skill documents sending a font request, including an optional text parameter, to Google's font service. This is purpose-aligned, but any text placed in the URL is shared with an external provider.

Skill content

https://fonts.googleapis.com/css?family=Inconsolata&text=Hello%20World

Recommendation

Use Google Fonts URLs only for public page styling, and avoid putting sensitive or private strings in the optional text parameter.