ClawHub

Font Interceptor

v1.0.0

Extract fonts (TTF/OTF) from any website using MSCHF Font Interceptor. Use when user drops a URL and wants to identify/extract/download fonts from that websi...

0· 396·0 current·0 all-time
by@honeybee1130
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (extract fonts from websites) align with the SKILL.md: it directs the agent to use the MSCHF Font Interceptor to input a URL and report found fonts and download links. Using a web tool for this task is coherent.
!
Instruction Scope
SKILL.md instructs the agent to use a browser tool with profile:"openclaw", take snapshots, locate input fields, and submit the target URL to a third-party site. Taking snapshots and using a named profile may capture or reuse cookies, stored credentials, open tabs, or other sensitive data. The skill does not declare or justify use of that profile or describe how snapshots are stored/handled, which is scope creep beyond simple URL submission.
Install Mechanism
Instruction-only skill with no install steps or external downloads; nothing is written to disk by the skill itself. This is low install risk.
!
Credentials
The skill requests no environment variables or credentials, which is appropriate, but it references a specific browser profile (openclaw) that may grant access to stored cookies/credentials or local browser state. It also sends the target URL (and possibly resulting page content) to a third-party service (fontinterceptor.mschfmag.com), which could leak information about the target site (including private or internal URLs). These privacy/credential-exposure risks are not acknowledged in the skill metadata or instructions.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and has no install-time persistence. Autonomous invocation is allowed (platform default) but not by itself a red flag here.
What to consider before installing
This skill will open a third-party website (fontinterceptor.mschfmag.com) and submit the URL you provide. Before installing or using it: (1) consider privacy — the target URL and any page contents may be transmitted to that external site (avoid submitting private/internal URLs or pages behind auth); (2) the instructions reference using a browser profile named "openclaw" and taking snapshots — confirm what that profile contains and whether snapshots or DOM data are stored or shared; (3) if you are worried about leaking cookies/credentials or other browsing data, run the workflow manually in an isolated/ephemeral browser profile or use the fallback manual instructions; (4) verify the third-party site's privacy policy and trustworthiness before sending data. If the publisher can clarify what the "openclaw" profile is and how snapshots are handled (ephemeral, local-only, not uploaded), that would reduce the risk and could raise confidence.

Like a lobster shell, security has layers — review code before you run it.

latestvk977c8n4b2pj6ghrvd53syqn1s81s46v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments