ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

1coos-quickie

v1.0.1

Quickly save web content as formatted Markdown. TRIGGER when user pastes a URL and wants to save/clip it, read-later, or extract content from YouTube, Twitte...

0· 100·0 current·0 all-time
by@1coos

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for 1coos/1coos-quickie.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "1coos-quickie" (1coos/1coos-quickie) from ClawHub.
Skill page: https://clawhub.ai/1coos/1coos-quickie
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: bun, uvx
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install 1coos-quickie

ClawHub CLI

Package manager switcher

npx clawhub@latest install 1coos-quickie
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description, required binaries (bun to run the script and uvx to fetch/run x-reader), and the uv install entry for x-reader are coherent: the skill legitimately needs a runtime (bun) and a mechanism (uvx) to run the x-reader extractor it relies on.
Instruction Scope
SKILL.md confines actions to: check for uvx, run the included script with bun, and report/save the extracted Markdown. It does not request unrelated files or credentials. However, the runtime instruction intentionally fetches and executes x-reader from GitHub on each invocation — a significant behavior that goes beyond pure local processing and should be considered when evaluating safety.
!
Install Mechanism
The install spec uses 'uv' to install x-reader from git+https://github.com/runesleo/x-reader.git (GitHub). Even though GitHub is a known host, the install and runtime both pull third-party code dynamically (uvx fetch/execute), and that code will be executed locally. Dynamic fetching/execution of upstream code increases risk because upstream changes can alter behavior; a best practice is to pin to a specific commit or vendor the dependency.
Credentials
The skill does not request any environment variables, secrets, or unrelated credentials. Its network actions are limited to fetching the target URL via x-reader, which aligns with its stated purpose.
Persistence & Privilege
The skill is not always-enabled and does not request elevated privileges. However, because the platform allows autonomous invocation by default and the skill dynamically executes third-party code on each run, the blast radius is larger than for a purely local-only tool. Consider this if you allow the agent to invoke skills autonomously.
What to consider before installing
This skill is functionally coherent — it needs bun and uvx and uses x-reader to extract content — but it downloads and runs x-reader from GitHub at runtime. That means the code you execute is determined by an external repo (and can change). Before installing, consider: 1) Inspect the x-reader repository (or the specific commit/tag you will use) to ensure it is trustworthy. 2) Prefer a pinned commit/tag rather than a floating git ref, or vendor the x-reader code into the skill so behavior can't change silently. 3) Run the skill in a sandboxed environment or on a non-sensitive machine if you will allow autonomous invocation. 4) Note the small mismatch in SKILL.md (it suggests main.ts while the bundle contains main.js) — verify the script path when invoking. If you are not comfortable reviewing the upstream code, avoid installing or require manual approval before the skill runs.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📎 Clawdis
Binsbun, uvx

Install

uv
Bins: x-reader
uv tool install x-reader[all] @ git+https://github.com/runesleo/x-reader.git
latestvk971mpjsv2mhjv25yx4x5eew0n84ag86
100downloads
0stars
2versions
Updated 3w ago
v1.0.1
MIT-0
@1coos
latest
Download

Quickie — URL to Markdown

Grab any URL and save it as beautifully formatted Obsidian-style Markdown. Powered by x-reader for content extraction.

Usage

/1coos-quickie <text-containing-url> [--output-dir path] [--raw]

Parameters

ParameterRequiredDescription
<text>YesAny text containing a URL to fetch
--output-dirNoOutput directory (default: from config.json)
--rawNoSkip formatting, output raw x-reader result
--configNoPath to config.json

Supported Platforms

  • Video: YouTube, Bilibili
  • Social: Twitter/X, WeChat, Xiaohongshu (Little Red Book), Telegram
  • Feeds: RSS/Atom
  • General: Any HTTP/HTTPS URL

Configuration

Core parameters are configurable via config.json in the skill directory:

{
  "outputDir": "~/Documents/quickie",
  "formatting": {
    "maxWidth": 80,
    "listMarker": "-"
  },
  "reader": {
    "timeout": 120000
  }
}

CLI arguments always override config.json values.

Security Notice

This skill runs third-party code at runtime:

  • uvx fetches and executes x-reader from GitHub on each invocation
  • x-reader makes network requests to the target URL and platform-specific APIs (FxTwitter, etc.)
  • Output is written only to the configured local directory

Execution Instructions

When the user invokes this skill:

  1. Check prerequisites: Verify uvx is available by running which uvx. If missing, tell the user: "uvx is required but not found. Please install uv from https://docs.astral.sh/uv/getting-started/installation/ and try again." Do NOT run any install commands on behalf of the user.
  2. Run extraction: Execute the script using the skill's absolute path: 
    bun run /path/to/skills/1coos-quickie/scripts/main.ts <user-arguments>
  3. Report results: Show the output file path, the extracted title, and a brief content summary.
  4. Handle errors:
    • Exit code 2: argument error (no URL found, invalid options)
    • Exit code 3: missing dependency (uvx not installed)
    • Exit code 4: x-reader fetch failure
    • Exit code 5: output write failure

Examples

# Grab a YouTube video transcript
/1coos-quickie https://www.youtube.com/watch?v=dQw4w9WgXcQ

# Save a tweet thread
/1coos-quickie 看看这条推特 https://x.com/user/status/123456 很有意思

# Clip an article with custom output
/1coos-quickie https://example.com/article --output-dir ~/notes/inbox

# Raw output without formatting
/1coos-quickie https://example.com/page --raw

Notes

  • First run caches x-reader dependencies; subsequent runs are faster
  • Output filename is derived from the content title or URL domain + date
  • Obsidian-style formatting includes: wikilinks, callout normalization, highlight syntax, table alignment, frontmatter formatting
  • Uses x-reader[all] for full platform support

Comments

Loading comments...