ClawHub

inline-asset-probe

v1.0.0

Fetch a URL with curl/wget, extract inline base64 data URIs, and best-effort decode any content to inspect embedded assets.

0· 147·0 current·0 all-time
by@yibeiqingtian-ai

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for yibeiqingtian-ai/inline-asset-probe.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "inline-asset-probe" (yibeiqingtian-ai/inline-asset-probe) from ClawHub.
Skill page: https://clawhub.ai/yibeiqingtian-ai/inline-asset-probe
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install inline-asset-probe

ClawHub CLI

Package manager switcher

npx clawhub@latest install inline-asset-probe
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The declared purpose (fetch a URL, extract data:...;base64 assets, decode) matches the PowerShell script. Minor inconsistency: registry metadata and 'Required binaries' claims no required binaries, but run.ps1 requires either curl.exe or wget.exe (or a curl/wget on PATH). This is an implementation detail, not a functional mismatch.
Instruction Scope
SKILL.md usage matches the included run.ps1. The script only fetches the given URL (via curl/wget), scans the response for data:*;base64, writes extracted files and optional decoded output to a local OutDir. It does not call external endpoints other than the target URL, does not exfiltrate data, and does not execute downloaded content.
Install Mechanism
No install spec (instruction-only). The skill supplies a PowerShell script that will run directly; nothing is downloaded or installed by the skill itself.
Credentials
The skill requests no environment variables or credentials. It uses standard system paths (TEMP) and writes output to a user-specified directory. This is proportional to its purpose.
Persistence & Privilege
always is false and the skill does not modify agent/system configuration or other skills. It runs ad hoc and writes only to the output directory you provide (default probe_out).
Assessment
This skill appears coherent with its description, but please consider the following before running: - The included script requires curl or wget on PATH even though registry metadata lists no required binaries; verify you have curl.exe or wget.exe available. The script will throw if neither is found. - The script fetches arbitrary URLs and writes files to disk (default probe_out). Only run it on URLs you trust, or run in an isolated/sandboxed environment to avoid writing potentially malicious payloads to your main filesystem. - The -DecodeResponse option performs a best-effort base64 decode of any bytes and may produce binary blobs; scan extracted files with antivirus and avoid executing them. - Usage examples show running PowerShell with -ExecutionPolicy Bypass; inspect the script yourself before running and avoid permanently lowering execution policy. - Note: on some Windows systems "curl" may be an alias for a PowerShell cmdlet rather than curl.exe; the script prefers curl.exe but may fall back to invoking "curl" or "wget" which can behave differently. If you need stronger assurance: run the script in a disposable VM/container, confirm presence of curl.exe/wget.exe, and review extracted output before opening any files.

Like a lobster shell, security has layers — review code before you run it.

latestvk973552nansngpmbfg9jvgy9jx834tan
147downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@yibeiqingtian-ai
latest
Download

Inline Asset Probe

Practical utility for quickly extracting inline assets from HTML or CSS and inspecting base64-encoded payloads.

What It Does

  • Fetches a target URL using curl or wget
  • Scans for inline data:*;base64, assets and saves them as files
  • Optionally base64-decodes the entire response as a best-effort probe

Usage

PowerShell:

powershell -ExecutionPolicy Bypass -File run.ps1.txt -Url https://example.com

Save raw response and decode any content:

powershell -ExecutionPolicy Bypass -File run.ps1.txt -Url https://example.com -SaveResponse -DecodeResponse

Limit extracted assets and choose output directory:

powershell -ExecutionPolicy Bypass -File run.ps1.txt -Url https://example.com -OutDir probe_out -MaxAssets 20

Output

  • probe_out/response.bin when -SaveResponse
  • probe_out/assets/asset_*.ext for extracted inline assets
  • probe_out/decoded.bin when -DecodeResponse

Notes

  • -DecodeResponse performs a best-effort base64 decode of any content by stripping non-base64 characters and padding to a 4-byte boundary.
  • Works best for HTML/CSS pages with inline data URIs.

Comments

Loading comments...