Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Boxed Fetch

v1.0.0

Lightweight web scraping tool based on WebAssembly sandbox mechanism. Fetches URL content and extracts readable text. Use when you need to fetch webpage cont...

Security Scan

VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)

Purpose & Capability

The name and description (WASM-based sandboxed web fetcher) match the instructions which download and run a WASM component to fetch pages. However the SKILL.md requires an external 'openclaw-wasm-sandbox' plugin but the skill metadata does not declare that dependency; that mismatch is unexpected and reduces transparency.

Instruction Scope

Instructions are narrowly scoped to downloading a single WASM file and running it with an allowlist of outbound hosts and HTTPS-only URLs. The skill does not request unrelated files, secrets, or system paths. The notable instruction-level risk: it tells the agent to download and execute a remote WASM binary (from raw.githubusercontent.com) which could change over time or contain malicious behavior; the run API delegates sandboxing to an external plugin whose security you must trust.

Install Mechanism

No install spec (instruction-only). The download URL is raw.githubusercontent.com (a common release host), which is better than arbitrary personal servers, but the workflow writes an executable WASM to ~/.openclaw/skills/... and then runs it — this is an external binary being introduced to disk and executed (inside a plugin-provided sandbox). There is no checksum, signature, or pinned release referenced.

Credentials

The skill requests no environment variables, credentials, or system config paths. Examples and options are limited to API of the wasm-sandbox-run call (wasm file, allowedOutboundHosts, args). No secrets are requested or used in the SKILL.md.

Persistence & Privilege

always is false and the skill is user-invocable. It writes its WASM under ~/.openclaw/skills/boxed-fetch/... which is confined to its own skill directory; it does not claim to change other skills or global agent settings.

What to consider before installing

This skill is coherent with its stated purpose but has two practical concerns you should address before use: (1) it asks you to download and run a remote WASM binary — verify the binary's provenance (use a pinned release, checksum, or signature) and review the repository/owner (the source is a raw GitHub URL and source metadata is 'unknown'); (2) the SKILL.md depends on the 'openclaw-wasm-sandbox' plugin but the skill metadata doesn't declare that dependency — confirm that plugin is present and understand its sandbox guarantees. Also avoid supplying overly broad allowedOutboundHosts (only include exact hosts you trust), prefer inspecting the WASM or running it in an isolated environment first, and ask the publisher for a signed release or checksum if you need higher assurance.

Like a lobster shell, security has layers — review code before you run it.

latest vk97bbtrkpjeananeax47rxnh2n84kqbq
52 downloads
0 stars
1 version
Updated 1w ago
v1.0.0
MIT-0

boxed-fetch

WebAssembly-based sandboxed web fetcher for retrieving URL content and extracting readable text.

Trigger when: user asks to fetch a URL, scrape webpage content, extract readable text from HTML, or get page content from a specific URL / scrape a web page, get URL content, extract readable text, scrape web page content.

Quick Start

  1. Download WASM file (first time only):

    wasm-sandbox-download({
      url: "https://raw.githubusercontent.com/guyoung/wasm-sandbox-openclaw-skills/main/boxed-fetch/files/boxed-fetch-component.wasm",
      dest: "~/.openclaw/skills/boxed-fetch/files/boxed-fetch-component.wasm"
    })
    
  2. Run fetch:

    wasm-sandbox-run({
      wasmFile: "~/.openclaw/skills/boxed-fetch/files/boxed-fetch-component.wasm",
      allowedOutboundHosts: ["<target-host>"],
      args: ["<target-url>"]
    })
    

Fetching a URL

wasm-sandbox-run({
  wasmFile: "~/.openclaw/skills/boxed-fetch/files/boxed-fetch-component.wasm",
  allowedOutboundHosts: ["https://github.com"],
  args: ["https://github.com/guyoung/wasm-sandbox-node/blob/main/README.md"]
})

Getting Help

wasm-sandbox-run({
  wasmFile: "~/.openclaw/skills/boxed-fetch/files/boxed-fetch-component.wasm",
  allowedOutboundHosts: [],
  args: ["--help"]
})

Important Notes

  • allowedOutboundHosts is required: You must specify the exact host(s) you want to fetch from
  • First use: Download the WASM file before running for the first time
  • URLs must use HTTPS: The sandbox only supports HTTPS URLs

Detailed Usage

See references/usage.md for comprehensive usage instructions including all options and examples.
