Downloads: 1491
Stars: 1
Active Installs: 0
Versions: 9
Install in OpenClaw
/install safe-web
Description
Securely fetch and search web content by scanning and blocking prompt injection threats using PromptGuard before returning results.
Usage Guidance
This skill appears coherent and implements what it claims: fetching HTML, extracting text, and scanning with PromptGuard. Before installing:
1) Review and trust the PromptGuard dependency (it's the core scanner).
2) Prefer a virtualenv/container rather than system-wide pip installs or --break-system-packages to avoid altering host Python.
3) Be cautious before creating a system symlink or disabling native web tools — those change system behavior and may affect other workflows.
4) Only provide BRAVE_API_KEY if you need search functionality and trust the environment.
5) If you want extra assurance, inspect the prompt-guard code and run safe-web in an isolated environment to confirm no unexpected network exfiltration.
The pre-scan injection flag in the docs is explanatory, not an active instruction.
Capability Analysis
Type: OpenClaw Skill
Name: safe-web
Version: 1.0.8
This skill is designed to enhance the security of an AI agent by providing a 'safe' web fetching and searching mechanism that scans content for prompt injection attacks using PromptGuard. The code (`scripts/safe-web.py`) correctly implements its stated purpose, including content sanitization (removing scripts/styles) and local scanning. It accesses the Brave Search API using an environment variable, which is standard, and can write fetched content to a user-specified file path, a common CLI feature. The documentation (`SKILL.md`, `README.md`) consistently promotes security, even recommending disabling native OpenClaw web tools to force the use of this secure alternative. There is no evidence of malicious intent such as data exfiltration, unauthorized command execution, persistence, or prompt injection against the agent itself; instead, the skill actively defends against such attacks.
Capability Assessment
Purpose & Capability
Name and behavior align: the tool fetches HTML, extracts text, and scans with PromptGuard. Declared requirements (python3, prompt-guard, requests, beautifulsoup4, optional BRAVE_API_KEY) match the implemented functionality. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md and README contain only fetch/search/scanning instructions and install guidance. They do recommend creating a system symlink (/usr/local/bin) and suggest disabling native web_fetch/web_search in OpenClaw config to force use of safe-web — these are user-facing operational changes (not automatically performed) and are reasonable for a drop-in replacement but worth reviewing before applying. The pre-scan flag ('ignore-previous-instructions') appears in the docs as an example of an attack pattern, not as an instruction to the agent.
Install Mechanism
Install uses pip to install standard packages and an editable install of a local PromptGuard workspace. This is a common approach for Python-based tools, but pip installs (and the SKILL.md's use of --break-system-packages) can modify system Python state — consider using a virtualenv or container to avoid impacting the host environment. No arbitrary remote download or obfuscated installer was observed.
Credentials
Only one optional environment variable (BRAVE_API_KEY) is referenced and justified for search functionality. The code does not request other secrets or config paths. skill.json declares python3 and dependency on prompt-guard, which are appropriate.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or agent configuration automatically. It recommends (but does not force) disabling native tools and creating a symlink; those are user actions and not implicit privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install safe-web
- After installation, invoke the skill by name or use /safe-web
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.8
Remove release.sh - now in workspace scripts folder
v1.0.7
Fix release.sh to work from temp directory and avoid workspace pollution
v1.0.6
Add release.sh script to prevent workspace pollution
v1.0.5
Add README with usage instructions and tool disable guide
v1.0.4
safe-web 1.0.4
- Added link to the PromptGuard repository for clearer installation instructions and dependency references.
- Updated dependency section to clarify that PromptGuard should be installed in the workspace.
- Minor documentation improvements for readability; no functional or API changes.
v1.0.3
Fix: rename script to .py extension to ensure proper inclusion in publish
v1.0.2
Fix: ensure scripts folder is included in publish
v1.0.1
Updated documentation: replaced alias with symlink instructions for system-wide access
v1.0.0
Initial release: secure web fetch and search with PromptGuard scanning
Frequently Asked Questions
What is Safe-Web?
Securely fetch and search web content by scanning and blocking prompt injection threats using PromptGuard before returning results. It is an AI Agent Skill for Claude Code / OpenClaw, with 1491 downloads so far.
How do I install Safe-Web?
Run "/install safe-web" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Safe-Web free?
Yes, Safe-Web is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Safe-Web support?
Safe-Web is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Safe-Web?
It is built and maintained by AdamNaghs (@adamnaghs); the current version is v1.0.8.