Page Fetch
v1.0.1Extract readable content from webpages with a stable, low-dependency workflow. Use when the user asks to open, inspect, summarize, translate, verify, or quot...
⭐ 0· 48·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the code and runtime behavior. The scripts implement lightweight HTML extraction, JSON-LD/embedded-data inspection, a WeChat-specific extractor, and an explicit browser-render fallback via Playwright — all consistent with the stated purpose.
Instruction Scope
Runtime instructions and scripts stay within the scope of fetching and extracting webpage content. They accept an optional cookie (WeChat use-case) and may write JSON only when --save-json is passed. Two points to note: (1) browser rendering executes page JavaScript in a headless Chromium instance (expected for rendering but worth awareness), and (2) the runner defaults to a fixed filesystem path (/home/admin/projects/openclaw/reports/page-fetch) when --save-json is used without --output, which may write outside the workspace.
Install Mechanism
There is no install spec (instruction-only install), which lowers risk. However the browser fallback depends on Node.js and Playwright (documented in references). The Python scripts implicitly require requests and BeautifulSoup but the skill does not declare Python package installation — callers must ensure these dependencies are available. No remote arbitrary download/install steps are present.
Credentials
The skill does not request environment variables or credentials. It accepts an optional cookie parameter for WeChat article fetching (justified by that use-case). No unrelated secrets or config paths are requested. The scripts do modify the process environment to include a global npm root in NODE_PATH when invoking Node, but this is a local runtime adjustment for Playwright resolution and not an exfiltration mechanism.
Persistence & Privilege
always:false (normal). The default behavior is no disk writes; persistence only occurs when the caller explicitly passes --save-json. If --save-json is used without --output, the skill writes to DEFAULT_SAVE_DIR (/home/admin/projects/openclaw/reports/page-fetch), which is outside a generic workspace and may be unexpected — review that path before enabling saves. The skill does not modify other skills or global agent config.
Assessment
This skill appears to do exactly what it says: fetch and extract webpage content, with a WeChat-specific path and an optional Playwright browser fallback. Before installing or running it, consider: (1) Dependencies: ensure Python packages (requests, bs4) and, if you intend to use browser rendering, Node.js and Playwright + a browser are installed in a controlled environment. (2) Cookies: the WeChat extractor accepts an optional cookie argument — only pass cookies you trust and understand. (3) Persistence: by default the runner does not write files; only use --save-json when you intend to persist output. If you do use --save-json without --output, the skill will write to /home/admin/projects/openclaw/reports/page-fetch/latest.json — change the --output path or inspect DEFAULT_SAVE_DIR if that behavior is undesirable. (4) Browser rendering runs page JS in a headless browser to extract text; this is expected but means pages execute normally (avoid rendering untrusted pages in privileged hosts). Overall the package is coherent and proportionate, but run it in a sandbox or review the default save path and dependencies before enabling persistence or browser fallback.Like a lobster shell, security has layers — review code before you run it.
latestvk97cbjbqczgecp5v7vnz88twds84qmn4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.