ClawHub

Web Fetch Fake-IP Workaround

v1.0.2

Legacy workaround for web_fetch fake-ip failures on older npm-global OpenClaw installs. Use when web_fetch is blocked under Clash, Mihomo, or Surge fake-ip m...

0· 96·1 current·1 all-time
byxingxing@xing-xing-coder
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included script and instructions. The script searches the global OpenClaw install and inserts a single policy line into the web_fetch call — this is coherent with a legacy workaround for npm-global OpenClaw installs.
Instruction Scope
The SKILL.md and script explicitly instruct modifying files under the global openclaw package directory (searching for fetchWithWebToolsNetworkGuard and inserting a policy line). This is within the stated purpose, but it is an on-disk code modification that requires write permission and can affect runtime behavior — inspect the target file with the provided 'inspect' mode and keep the backups before applying.
Install Mechanism
No install step or external downloads are used. The workaround is delivered as an included shell script + embedded Node code, so nothing is fetched from external URLs during execution.
Credentials
The skill does not request credentials or external service keys. It optionally reads OPENCLAW_PKG_DIR (to locate the package) and uses npm / command-available lookups; this is appropriate for locating a globally installed package.
Persistence & Privilege
The skill does not request persistent inclusion and does not modify other skills/config beyond the OpenClaw package files. However, it performs permanent edits to installed package code (and writes backup files) — those changes persist until reverted or the package is upgraded. Running the script may require elevated filesystem permissions for global npm dirs.
Assessment
This skill appears internally consistent and contains no network exfiltration or secret access, but it edits installed OpenClaw JavaScript files — an impactful action. Before running: (1) run 'bash patch-openclaw-global-fakeip.sh status' and 'inspect' to verify the exact patch window and ensure the script targets the intended file; (2) ensure you have recent backups or let the script create them and confirm their presence; (3) avoid running as root unless you understand the implications — prefer running as the user that manages the OpenClaw install; (4) prefer the built-in openclaw.json config fix if your OpenClaw is v2026.4.10 or newer; (5) verify the script source/trust (no homepage provided; README points to a GitHub repo) if you need organizational assurance. If anything about the 'inspect' output looks unexpected, do not apply the patch.

Like a lobster shell, security has layers — review code before you run it.

latestvk9704a695zq88972sg0r9y5ygd84q9yc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments