← Back to Skills Marketplace
79
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install boxed-fetch
Description
Lightweight web scraping tool based on WebAssembly sandbox mechanism. Fetches URL content and extracts readable text. Use when you need to fetch webpage cont...
README (SKILL.md)
boxed-fetch
WebAssembly-based sandboxed web fetcher for retrieving URL content and extracting readable text.
Trigger when: user asks to fetch a URL, scrape webpage content, extract readable text from HTML, or get page content from a specific URL / 抓取网页、获取URL内容、提取可读文本、网页内容抓取。
Quick Start
-
Download WASM file (first time only):
wasm-sandbox-download({ url: "https://raw.githubusercontent.com/guyoung/wasm-sandbox-openclaw-skills/main/boxed-fetch/files/boxed-fetch-component.wasm", dest: "~/.openclaw/skills/boxed-fetch/files/boxed-fetch-component.wasm" }) -
Run fetch:
wasm-sandbox-run({ wasmFile: "~/.openclaw/skills/boxed-fetch/files/boxed-fetch-component.wasm", allowedOutboundHosts: ["\x3Ctarget-host>"], args: ["\x3Ctarget-url>"] })
Fetching a URL
wasm-sandbox-run({
wasmFile: "~/.openclaw/skills/boxed-fetch/files/boxed-fetch-component.wasm",
allowedOutboundHosts: ["https://github.com"],
args: ["https://github.com/guyoung/wasm-sandbox-node/blob/main/README.md"]
})
Getting Help
wasm-sandbox-run({
wasmFile: "~/.openclaw/skills/boxed-fetch/files/boxed-fetch-component.wasm",
allowedOutboundHosts: [],
args: ["--help"]
})
Important Notes
- allowedOutboundHosts is required: You must specify the exact host(s) you want to fetch from
- First use: Download the WASM file before running for the first time
- URLs must use HTTPS: The sandbox only supports HTTPS URLs
Detailed Usage
See references/usage.md for comprehensive usage instructions including all options and examples.
Usage Guidance
This skill is coherent with its stated purpose but has two practical concerns you should address before use: (1) it asks you to download and run a remote WASM binary — verify the binary's provenance (use a pinned release, checksum, or signature) and review the repository/owner (the source is a raw GitHub URL and source metadata is 'unknown'); (2) the SKILL.md depends on the 'openclaw-wasm-sandbox' plugin but the skill metadata doesn't declare that dependency — confirm that plugin is present and understand its sandbox guarantees. Also avoid supplying overly broad allowedOutboundHosts (only include exact hosts you trust), prefer inspecting the WASM or running it in an isolated environment first, and ask the publisher for a signed release or checksum if you need higher assurance.
Capability Assessment
Purpose & Capability
The name and description (WASM-based sandboxed web fetcher) match the instructions which download and run a WASM component to fetch pages. However the SKILL.md requires an external 'openclaw-wasm-sandbox' plugin but the skill metadata does not declare that dependency; that mismatch is unexpected and reduces transparency.
Instruction Scope
Instructions are narrowly scoped to downloading a single WASM file and running it with an allowlist of outbound hosts and HTTPS-only URLs. The skill does not request unrelated files, secrets, or system paths. The notable instruction-level risk: it tells the agent to download and execute a remote WASM binary (from raw.githubusercontent.com) which could change over time or contain malicious behavior; the run API delegates sandboxing to an external plugin whose security you must trust.
Install Mechanism
No install spec (instruction-only). The download URL is raw.githubusercontent.com (a common release host), which is better than arbitrary personal servers, but the workflow writes an executable WASM to ~/.openclaw/skills/... and then runs it — this is an external binary being introduced to disk and executed (inside a plugin-provided sandbox). There is no checksum, signature, or pinned release referenced.
Credentials
The skill requests no environment variables, credentials, or system config paths. Examples and options are limited to API of the wasm-sandbox-run call (wasm file, allowedOutboundHosts, args). No secrets are requested or used in the SKILL.md.
Persistence & Privilege
always is false and the skill is user-invocable. It writes its WASM under ~/.openclaw/skills/boxed-fetch/... which is confined to its own skill directory; it does not claim to change other skills or global agent settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install boxed-fetch - After installation, invoke the skill by name or use
/boxed-fetch - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of boxed-fetch: a lightweight web scraping tool using WebAssembly sandboxing.
- Fetches webpage content from a given URL and extracts readable text from HTML.
- Requires the openclaw-wasm-sandbox plugin and a one-time WASM file download.
- Supports only HTTPS URLs and requires explicit outbound host specification.
- Includes easy quick-start instructions and usage examples.
Metadata
Frequently Asked Questions
What is Boxed Fetch?
Lightweight web scraping tool based on WebAssembly sandbox mechanism. Fetches URL content and extracts readable text. Use when you need to fetch webpage cont... It is an AI Agent Skill for Claude Code / OpenClaw, with 79 downloads so far.
How do I install Boxed Fetch?
Run "/install boxed-fetch" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Boxed Fetch free?
Yes, Boxed Fetch is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Boxed Fetch support?
Boxed Fetch is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Boxed Fetch?
It is built and maintained by guyoung (@guyoung); the current version is v1.0.0.
More Skills