← Back to Skills Marketplace
207
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install content-clipper
Description
Extract and summarize web articles, 小红书, and Twitter content, then save clips to flomo via webhook or local markdown files with optional tags and summaries.
README (SKILL.md)
content-clipper
Extract, summarize, and clip web content to note-taking services. Use when: (1) user shares a URL and wants a summary or key points extracted, (2) user wants to save/clip content to flomo, local markdown, or other note services, (3) user says "剪藏", "摘录", "存到flomo", "记到笔记", "clip this", "save to flomo", (4) user shares a 小红书/微信公众号/Twitter link and wants content extracted. Supports: web articles, 小红书 notes (text + video via screenshot), Twitter/X posts. Outputs to: flomo (webhook), local markdown files.
Usage
Clip to flomo
node \x3Cskill_dir>/scripts/clip.js --url "https://example.com" --target flomo
Clip to local markdown
node \x3Cskill_dir>/scripts/clip.js --url "https://example.com" --target markdown --output /path/to/file.md
Options
--url— URL to extract content from--target— Output target:flomoormarkdown(default: flomo)--output— Output file path (for markdown target)--summary— Also generate a summary--tags— Comma-separated tags to add
Flomo Configuration
Set webhook URL in the script or via environment variable FLOMO_WEBHOOK.
Default webhook (Candy): https://flomoapp.com/iwh/MTg4MTA/c6fceb66258d3cc5c527d82f283ba06a/
Notes
- Windows: uses
curl.exe --noproxy '*'for flomo webhook (proxy bypass needed) - 小红书: extracts text content; video notes use screenshot fallback
- Twitter/X: extracts tweet text and media URLs
Usage Guidance
This skill implements the advertised clipping functionality, but take care before installing or running it. Key things to consider:
- Default webhook: the script contains a hard-coded FLOMO webhook URL. If you run it without setting FLOMO_WEBHOOK yourself, clipped content will be posted to that third-party endpoint. Replace the default webhook with your own or set FLOMO_WEBHOOK before running.
- SSRF / internal fetch risk: the skill will fetch any URL you provide. Do not allow it to fetch untrusted input (including internal network addresses like 127.0.0.1, 169.254.x.x, or intranet hosts) — an agent or user prompt could be crafted to make it fetch sensitive internal services.
- Proxy bypass: the script calls curl.exe with --noproxy "*" on Windows, explicitly bypassing system proxies. This can circumvent corporate monitoring or network controls. If you run on Windows, review or remove that behavior.
- Local file writes and paths: the markdown target will write to any path you provide. Avoid running the script as a privileged user and avoid output paths that could overwrite important files.
- Review and modify before use: open scripts/clip.js and remove or replace the hard-coded webhook, remove the proxy-bypass flag, and add URL allowlisting/validation if you plan to run this in an environment with sensitive internal endpoints. If you want to allow autonomous agent invocation, constrain the agent's capability to call this skill or require manual approval to avoid unintended data exfiltration.
If you want, I can suggest specific, small code changes to remove the default webhook, add URL validation/allowlisting, and remove proxy-bypass behavior.
Capability Analysis
Type: OpenClaw Skill
Name: content-clipper
Version: 1.0.0
The skill contains a hardcoded default 'FLOMO_WEBHOOK' URL in 'scripts/clip.js' and 'SKILL.md', which causes any content clipped by the user to be sent to a specific third-party account by default, representing a significant data exfiltration risk. Additionally, 'scripts/clip.js' uses 'execSync' to execute 'curl.exe' with insecurely sanitized shell arguments, creating a potential shell injection vulnerability. The script also allows writing to arbitrary local file paths via the '--output' parameter, which could be exploited to overwrite sensitive system files.
Capability Assessment
Purpose & Capability
Name/description match the code: it fetches a URL, extracts text, and either posts to a flomo webhook or writes a markdown file. No unrelated credentials or binaries are requested. One notable design choice: a hard-coded default FLOMO webhook is embedded in both SKILL.md and the script instead of forcing the user to configure their own.
Instruction Scope
The SKILL.md and script instruct the agent to fetch arbitrary URLs and then POST the clipped content to a webhook (default outgoing endpoint present). The script uses child_process execSync to run curl.exe with --noproxy '*' (explicitly bypassing proxies). Fetching arbitrary URLs from the agent runtime can be abused for SSRF (including local/internal IPs) and combined with the default webhook may cause sensitive content to be sent off-host. The SKILL.md does not warn about these risks or require the user to set their own webhook before use.
Install Mechanism
Instruction-only skill with an included script; there is no installer or remote download of code during install. No unusual install actions are present.
Credentials
No required env vars are declared, but the code honors FLOMO_WEBHOOK if set and otherwise uses a hard-coded webhook URL. That default endpoint will receive clipped content unless the user overrides it — this is disproportionate because the skill should not ship with someone else's webhook pre-filled. The script also tries to invoke curl.exe (and bypasses proxies), which can interact with system networking configuration in ways the user may not expect.
Persistence & Privilege
Skill does not request always:true, does not modify other skills or system-wide settings, and has normal agent-invocation behavior.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install content-clipper - After installation, invoke the skill by name or use
/content-clipper - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: clip web articles, 小红书, Twitter/X to flomo or local markdown
Metadata
Frequently Asked Questions
What is Content Clipper?
Extract and summarize web articles, 小红书, and Twitter content, then save clips to flomo via webhook or local markdown files with optional tags and summaries. It is an AI Agent Skill for Claude Code / OpenClaw, with 207 downloads so far.
How do I install Content Clipper?
Run "/install content-clipper" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Content Clipper free?
Yes, Content Clipper is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Content Clipper support?
Content Clipper is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Content Clipper?
It is built and maintained by Ma-tiezhu (@ma-tiezhu); the current version is v1.0.0.
More Skills