← Back to Skills Marketplace

Web Fetch Fallback

Name: Web Fetch Fallback
Author: tiantian-douba

by TianTian-DouBa · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install web-fetch-fallback

Description

Fetch web content using curl as a fallback when web_fetch is blocked due to private, internal, or special-use IP address restrictions.

Usage Guidance

This skill is coherent with its purpose but is explicitly designed to bypass platform IP restrictions — that is risky. Before installing or using it: 1) Ensure curl is available on the agent host (the metadata should declare curl as a required binary). 2) Restrict use to trusted, internal URLs and avoid passing untrusted user input directly into the fetch command to reduce SSRF/exfiltration risk. 3) Prefer running it only when explicitly invoked by a user (not autonomously), and consider adding domain whitelisting or additional URL validation. 4) Be cautious about sending Authorization headers or other secrets via this fallback; treat such uses as sensitive and audit their usage.

Capability Analysis

Type: OpenClaw Skill Name: web-fetch-fallback Version: 1.0.0 The 'web-fetch-fallback' skill is explicitly designed to bypass OpenClaw's built-in SSRF (Server-Side Request Forgery) protections. The instructions in SKILL.md direct the AI agent to use curl via the exec tool specifically when the standard web_fetch tool blocks access to private, internal, or special-use IP addresses. While the documentation includes caveats about using it only for trusted internal services, providing a functional mechanism to circumvent security controls and access internal network resources is a high-risk capability that could be exploited for unauthorized internal discovery or data exfiltration.

Capability Tags

requires-oauth-tokenrequires-sensitive-credentials

Capability Assessment

ℹ Purpose & Capability

The skill's behavior (use curl to fetch web content when web_fetch blocks private/internal IPs) matches its name and description. One minor incoherence: the registry metadata lists no required binaries, yet the script and instructions rely on curl (and examples reference html2text). The skill should declare curl as a required binary.

⚠ Instruction Scope

The SKILL.md explicitly instructs the agent to bypass OpenClaw's IP-based security checks and run curl against internal/private addresses. While that is the stated purpose, it is high-risk because it enables accessing internal services and can facilitate SSRF or inadvertent data exposure if used on untrusted input. The instructions do not attempt to enforce domain whitelisting or automated URL validation beyond recommending best practices.

✓ Install Mechanism

No install spec (instruction-only plus a simple reference shell script). Nothing is downloaded or installed by the skill itself, which is a low-risk install surface.

✓ Credentials

The skill does not request environment variables or credentials. The script includes an example header for Authorization, but that is optional and user-supplied; no undeclared secrets or unrelated credentials are requested by the skill.

✓ Persistence & Privilege

The skill does not request permanent presence (always is false) and does not modify other skills or system-wide settings. It runs only when invoked.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install web-fetch-fallback
After installation, invoke the skill by name or use /web-fetch-fallback
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

- Initial release of the web-fetch-fallback skill. - Provides guidance and best practices for using curl as a fallback when web_fetch blocks requests to private/internal/special-use IP addresses. - Includes example curl commands for fetching content, using custom headers, saving output, and handling timeouts. - Outlines limitations, security considerations, and recommended workflows for safe usage. - Reference to a reusable curl script and detailed curl exit code meanings included.

Metadata

Slug web-fetch-fallback

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Web Fetch Fallback?

Fetch web content using curl as a fallback when web_fetch is blocked due to private, internal, or special-use IP address restrictions. It is an AI Agent Skill for Claude Code / OpenClaw, with 74 downloads so far.

How do I install Web Fetch Fallback?

Run "/install web-fetch-fallback" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Web Fetch Fallback free?

Yes, Web Fetch Fallback is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Web Fetch Fallback support?

Web Fetch Fallback is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Web Fetch Fallback?

It is built and maintained by TianTian-DouBa (@tiantian-douba); the current version is v1.0.0.

More Skills