inline-asset-probe

v1.0.0

Fetch a URL with curl/wget, extract inline base64 data URIs, and best-effort decode any content to inspect embedded assets.

⭐ 0· 90·0 current·0 all-time

by@yibeiqingtian-ai

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

ℹ

Purpose & Capability

The declared purpose (fetch a URL, extract data:...;base64 assets, decode) matches the PowerShell script. Minor inconsistency: registry metadata and 'Required binaries' claims no required binaries, but run.ps1 requires either curl.exe or wget.exe (or a curl/wget on PATH). This is an implementation detail, not a functional mismatch.

✓

Instruction Scope

SKILL.md usage matches the included run.ps1. The script only fetches the given URL (via curl/wget), scans the response for data:*;base64, writes extracted files and optional decoded output to a local OutDir. It does not call external endpoints other than the target URL, does not exfiltrate data, and does not execute downloaded content.

✓

Install Mechanism

No install spec (instruction-only). The skill supplies a PowerShell script that will run directly; nothing is downloaded or installed by the skill itself.

✓

Credentials

The skill requests no environment variables or credentials. It uses standard system paths (TEMP) and writes output to a user-specified directory. This is proportional to its purpose.

✓

Persistence & Privilege

always is false and the skill does not modify agent/system configuration or other skills. It runs ad hoc and writes only to the output directory you provide (default probe_out).

Assessment

This skill appears coherent with its description, but please consider the following before running: - The included script requires curl or wget on PATH even though registry metadata lists no required binaries; verify you have curl.exe or wget.exe available. The script will throw if neither is found. - The script fetches arbitrary URLs and writes files to disk (default probe_out). Only run it on URLs you trust, or run in an isolated/sandboxed environment to avoid writing potentially malicious payloads to your main filesystem. - The -DecodeResponse option performs a best-effort base64 decode of any bytes and may produce binary blobs; scan extracted files with antivirus and avoid executing them. - Usage examples show running PowerShell with -ExecutionPolicy Bypass; inspect the script yourself before running and avoid permanently lowering execution policy. - Note: on some Windows systems "curl" may be an alias for a PowerShell cmdlet rather than curl.exe; the script prefers curl.exe but may fall back to invoking "curl" or "wget" which can behave differently. If you need stronger assurance: run the script in a disposable VM/container, confirm presence of curl.exe/wget.exe, and review extracted output before opening any files.

Like a lobster shell, security has layers — review code before you run it.

latestvk973552nansngpmbfg9jvgy9jx834tan

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

inline-asset-probe

License

Comments