Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Jina Web Fetcher - Web Scraping

v1.0.0

Uses Jina AI to fetch web page content, bypassing search engine restrictions. Supports any URL and supports fetching Google search results.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description claim to fetch arbitrary webpages (including Google results) via Jina AI. The SKILL.md shows exactly that: curl to r.jina.ai/http://<target>. That is coherent with the stated purpose, though the explicit claim of 'bypass search engine restrictions' raises legal/ToS concerns rather than a technical incoherence.
[!] Instruction Scope
Instructions directly tell the agent to proxy arbitrary URLs through https://r.jina.ai. This means any requested URL (including internal/private addresses or pages requiring auth) and the fetched page contents will be sent to a third party. The SKILL.md does not warn about this, nor does it constrain scope (only public URLs), so the runtime behavior can collect and transmit sensitive data.
Install Mechanism
This is an instruction-only skill with no install steps or code files, so there is no on-disk install risk.
[!] Credentials
The skill requests no credentials, but its ability to fetch arbitrary URLs via a remote proxy is disproportionate: it can be used to access internal network endpoints (SSRF) or to exfiltrate private content to r.jina.ai. No environment variables are required or declared, and the SKILL.md does not disclose that data will be sent to a third party.
Persistence & Privilege
No persistent install or 'always' privilege is requested; the skill is user-invocable and uses normal autonomous invocation defaults.
What to consider before installing
This skill simply tells the agent to use r.jina.ai as a proxy to fetch any URL. Before installing or using it consider:
1) Privacy/exfiltration — any URL and page contents you ask to fetch will be relayed to r.jina.ai (including potentially sensitive internal endpoints).
2) SSRF risk — you can inadvertently expose internal services by fetching internal URLs through the proxy.
3) Legal/ToS risk — using a proxy to 'bypass search engine restrictions' may violate site terms of service.
4) If you must use it, avoid sending credentials or private/internal URLs, and verify r.jina.ai's privacy policy or run your own trusted proxy instead.
If you need simple public-page fetching, prefer a local fetch method under your control.
