Docs Feeder
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: docs-feeder
Version: 1.0.0
The skill is classified as suspicious due to its broad network and file access capabilities, which, while aligned with its stated purpose of fetching documentation, present significant security risks. Specifically, the 'smart discovery' feature in both `fetch-docs.sh` and `fetch-docs.js` allows the agent to construct and fetch from arbitrary URLs (e.g., `https://docs.${input}.com`) based on user input, creating a potential Server-Side Request Forgery (SSRF) vulnerability. Additionally, the skill can read local files from paths specified in `docs-registry.json` (e.g., `/usr/lib/node_modules/clawdbot/docs`), which could be abused for arbitrary file reading if the registry entries were manipulated or pointed to sensitive system files.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or compromised documentation page could influence the agent if the agent treats fetched text as instructions.
The skill is designed to place fetched documentation into the agent's working context. Remote documentation can contain prompt-like text or misleading instructions, so it should be treated as reference material rather than trusted instructions.
dump the whole thing into context and let the AI cross-reference
Use trusted documentation sources and instruct the agent to treat fetched docs as untrusted reference content, not as commands or policy.
If invoked with an untrusted or mistaken URL, the agent can retrieve and load content from an unintended site.
The script allows direct HTTP/HTTPS URL input and then fetches documentation paths from that base URL. This is central to the skill's purpose, but it is broad outbound network behavior.
if (input.match(/^https?:\/\//)) { ... result = await fetchLlmsTxt(input);
Invoke the skill with known documentation URLs or registry project names, and review the reported source before relying on the output.
Users have less provenance and setup information than ideal before running the helper scripts.
The package has limited provenance metadata and does not declare required binaries, even though SKILL.md uses Node.js and the included shell helper requires curl and jq. The full source is provided and behavior is coherent, so this is a review note rather than a concern.
Source: unknown; Homepage: none; Required binaries (all must exist): none; No install spec
Inspect the included scripts before use and run them in an environment where Node.js, and optionally curl/jq for the shell script, are intentionally available.
