ClawHub

Smart Web Monitor (智能网页监控)

v1.0.0

Smart web monitor with AI-powered matching. Unlike keyword/regex monitors, this skill uses the agent's own LLM reasoning to evaluate whether a web page match...

0· 47·0 current·0 all-time
bySkywalker326@skywalker-lili
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: scripts fetch webpages, extract text, run simple local matchers and emit JSON for LLM evaluation. No unrelated credentials, binaries, or surprising privileges are requested.
Instruction Scope
SKILL.md instructs the cron/agent to run fetch and have the agent perform LLM-based matching on extracted page text. This is expected, but it means the agent will process (and depending on platform settings, send) the full extracted page text to the model and/or to announce channels (example uses Discord announcements). That behaviour is functionally needed but increases data exposure risk — monitor contents may include sensitive information if you point it at internal or authenticated pages.
Install Mechanism
No install spec; this is an instruction + script bundle only. All files are included in the skill package and nothing is downloaded or executed from external URLs during install.
Credentials
The skill declares no required environment variables or credentials. The code does allow optional per-URL 'headers' in monitor configs — those could carry credentials if you add them, so review monitor JSON before enabling.
Persistence & Privilege
always:false (no force-inclusion). The skill stores monitor JSON and report files under its own skill directory and does not modify other skills or global agent configs. Cron integration relies on platform cron features but that is expected.
Assessment
This skill appears to do what it says: fetch pages, extract text, and let the agent (LLM) decide matches. Before enabling or scheduling monitors: 1) Review each monitor JSON in the monitors/ directory — don't add internal-only or authenticated URLs unless you understand the exposure. 2) Check any 'headers' fields in monitor configs to ensure you are not embedding API keys, cookies, or Authorization headers that could be leaked. 3) Remember LLM matching runs in the agent context: extracted page text may be sent to your configured model provider or posted to notification channels (the SKILL.md examples use Discord announce); make sure those destinations and your model usage policy are acceptable. 4) If you need strict data isolation, avoid LLM match type and use local keyword/regex/css/jsonpath matching only. 5) Optionally run the scripts manually (fetch/run) to inspect outputs before adding cron jobs that announce results to users or channels.

Like a lobster shell, security has layers — review code before you run it.

latestvk971nt08m0cezxdakryz2ggp5h83w5g0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments