ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Web Summarizer

v1.0.0

Fetch and summarize web pages for AI agents. Extract key information from URLs and return structured markdown summaries. No API key required.

0· 93·0 current·0 all-time
by@jimmyclanker

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jimmyclanker/jimmy-web-summarizer.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Web Summarizer" (jimmyclanker/jimmy-web-summarizer) from ClawHub.
Skill page: https://clawhub.ai/jimmyclanker/jimmy-web-summarizer
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install jimmy-web-summarizer

ClawHub CLI

Package manager switcher

npx clawhub@latest install jimmy-web-summarizer
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the delivered artifact: a small bash script that uses curl + python3 to fetch a page and produce an extractive markdown-style summary. However the SKILL.md claims it "respects robots.txt" and mentions a `web_fetch` tool; the included script does not check robots.txt and only uses curl. Minor mismatch between claimed features and actual implementation.
!
Instruction Scope
Runtime instructions are to run scripts/summarize.sh on arbitrary URLs. The script fetches remote content and prints summaries only (no external exfil endpoints). But it makes no attempt to enforce robots.txt, domain whitelists, or block internal addresses (e.g., 169.254.169.254), so an agent invoking this on untrusted input could be used to probe internal services (SSRF/IPMI/metadata endpoints). The URL validation is minimal (only checks for the substring "http").
Install Mechanism
No install spec; instruction-only + small script. Nothing is downloaded or written to disk at install time beyond the included script, which is low-risk.
Credentials
No environment variables, credentials, or config paths are requested. The script only needs curl and python3 which is proportionate to its purpose.
Persistence & Privilege
always:false and nothing writes system-level settings. Autonomous invocation (default allowed) combined with the ability to fetch arbitrary URLs increases the blast radius: an agent could fetch internal-only URLs if it runs this skill without additional controls.
What to consider before installing
This skill is mostly coherent with its description — it fetches pages with curl and does a simple extractive summary with python — but it has two practical concerns you should weigh before installing: 1) The SKILL.md claims the tool "respects robots.txt" but the shipped script does not check robots.txt. If respecting robots.txt is important to you, request an implementation change. 2) The script will fetch any URL you give it and performs minimal validation (only checks for the string "http"). If the agent is allowed to invoke the skill autonomously, a malicious prompt or compromised agent could cause it to fetch internal or sensitive endpoints (SSRF risk, cloud metadata endpoints, intranet services). Mitigations: require user confirmation before fetching arbitrary URLs, add domain whitelisting or explicit blacklist rules (e.g., block 169.254.169.254 and private IP ranges), implement proper URL validation, and add a robots.txt check if you expect to honor it. Also consider running the skill in a network-restricted environment or disabling autonomous invocation until safeguards are in place.

Like a lobster shell, security has layers — review code before you run it.

latestvk970wjwxrq5ftwj95h26t3m9ks841hs8
93downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
@jimmyclanker
latest
Download

Web Content Summarizer

Fetch and summarize web pages for AI agents. Extract key information from URLs and return structured summaries.

Usage

# Summarize a URL
bash scripts/summarize.sh https://example.com

# Summarize with specific focus
bash scripts/summarize.sh https://example.com "key findings"

# List output format
bash scripts/summarize.sh --help

Features

  • Fetches web page content
  • Extracts title, main content, key points
  • Returns structured markdown summary
  • Handles errors gracefully
  • Respects robots.txt

How It Works

Uses web_fetch tool or curl to get page content, then extracts key information using text processing.

Use Cases

  • Research: quickly get summary of article before deep dive
  • Agent memory: store summarized facts instead of full pages
  • Fact checking: verify claims by checking source content

Comments

Loading comments...