ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Jina Reader

v1.0.0

Extract clean, readable markdown content from any URL using Jina Reader API. Use when you need to fetch and parse web pages without dealing with HTML, JavaScript rendering, or paywalls. Ideal for research, article summarization, content analysis, and working with search results from tavily-search, web_search, or searxng skills.

0· 976·4 current·4 all-time
by@smile-xuc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included scripts and instructions: both Python and shell tools call the Jina Reader endpoint (r.jina.ai) and return markdown/JSON. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
Instructions are focused on extraction and piping results to other tools. They do cause the agent to send target URLs (and indirectly the pages' content, depending on the remote service) to r.jina.ai — this is expected for the stated purpose but is a privacy/network exposure concern (see user_guidance). The shell script has a minor scheme-handling bug for https URLs which can produce a malformed request; Python script normalizes schemes.
Install Mechanism
No install spec; scripts are included directly. No archives or external installers are fetched. The Python script depends on the widely used 'requests' package but does not attempt to install it itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. The code likewise does not read secrets or system configuration. No disproportionate credential access is requested.
Persistence & Privilege
always is false and the skill does not attempt to modify other skills or system configuration. It does network requests to an external API — expected for its functionality — but it does not request persistent elevated privileges.
Assessment
This skill is coherent with its purpose, but it forwards the target URL (and the remote service will fetch that URL) to a third-party endpoint (https://r.jina.ai). Do not use it with private, internal, or sensitive URLs you don't want a remote service to fetch or see. Note the shell script does not normalize https URLs correctly and may produce malformed requests for inputs starting with 'https://'; prefer the Python script (which normalizes schemes) or validate inputs. Ensure the environment has the Python 'requests' package installed if you use the Python script. If you need to avoid sending content outside your network, consider a local extraction tool instead or audit/host an extraction service you control.

Like a lobster shell, security has layers — review code before you run it.

content-extractionvk97fhk40qj0vzjrdvh35de1vg980wjsclatestvk97fhk40qj0vzjrdvh35de1vg980wjscresearchvk97fhk40qj0vzjrdvh35de1vg980wjscweb-scrapingvk97fhk40qj0vzjrdvh35de1vg980wjsc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments