← 返回 Skills 市场
Emily Web Fetch
作者
emilyzhang01
· GitHub ↗
· v1.0.5
962
总下载
0
收藏
5
当前安装
5
版本数
在 OpenClaw 中安装
/install emily-web-fetch
功能描述
Fetch static webpage content up to 5000 characters via HTTP/HTTPS GET for analysis, summarization, or information extraction.
使用说明 (SKILL.md)
Web Fetch Skill\r
\r
Description\r
抓取指定URL的网页内容,返回文本摘要或原始HTML。用于获取新闻、公告、数据页面等。\r \r
Tools Provided\r
fetch(url)- 抓取网页,返回文本内容(最多5000字符)\r \r
Usage\r
助手调用此工具获取网页内容,然后进行分析、摘要或提取信息。\r \r
Examples\r
用户:抓取 https://www.cls.cn/telegraph\r 助手:调用 web-fetch:fetch(url),获取后返回内容并解读。\r \r
Limitations\r
- 仅支持HTTP/HTTPS GET- 不处理JavaScript渲染的页面(静态HTML)\r
- 内容长度限制为5000字符,避免过大响应\r
- 需要目标网站允许爬取(遵守robots.txt)
安全使用建议
This skill appears to do what it says (fetching static HTTP/HTTPS pages and truncating to 5000 chars), but there are a few issues to consider before installing: 1) The SKILL.md promises robots.txt compliance but the code does not implement it — if you require crawling policy enforcement, ask the author to add a robots check. 2) The tool will fetch any URL you give it; that enables SSRF-like access to internal network services or cloud metadata endpoints reachable from the agent. If this is sensitive in your environment, run the skill in a network-restricted sandbox or add an allowlist/blocklist for hosts/IP ranges. 3) The timeout logic can produce false 'request timeout' errors because the timer isn't cleared on success — this is a reliability bug. 4) Registry/package version mismatch (registry 1.0.5 vs package.json 1.0.1) is a minor integrity flag — consider asking the publisher for clarification. If you decide to use it, test in an isolated environment and request the maintainer to fix robots.txt handling, add host restrictions, and correct the timeout handling.
功能分析
Type: OpenClaw Skill
Name: emily-web-fetch
Version: 1.0.5
The skill provides a tool to fetch web content via HTTP/HTTPS, but the implementation in index.js lacks any URL validation or IP blacklisting. This creates a significant Server-Side Request Forgery (SSRF) vulnerability, potentially allowing the agent to access internal network resources or metadata services (e.g., 169.254.169.254). While the behavior aligns with the stated purpose in SKILL.md and there is no evidence of intentional malice, the high-risk nature of unconstrained network requests warrants a suspicious classification.
能力评估
Purpose & Capability
The name, description, SKILL.md, and index.js all implement an HTTP/HTTPS GET fetcher with a 5000-character truncation. No unrelated environment variables, binaries, or install steps are requested. Minor inconsistency: registry metadata lists version 1.0.5 while package.json contains version 1.0.1.
Instruction Scope
SKILL.md states the tool will 'respect robots.txt', but the runtime code does not check robots.txt. The tool accepts arbitrary URLs with no host/ IP allowlist or explicit prohibition of private/network addresses, which enables server-side request forgery (SSRF) from the agent's environment. Redirects are not followed — the code returns a redirect message — which is coherent but should be documented. The implementation also uses a setTimeout for a 10s timeout but does not clear it on success, which can lead to spurious 'request timeout' rejections after a successful response.
Install Mechanism
No install spec; the skill is instruction-only plus a small included JS file that uses only built-in http/https modules. Nothing is downloaded from third-party hosts and no archives are extracted.
Credentials
The skill requests no environment variables or credentials, which is proportional to a stateless fetch tool. However, because it will make arbitrary network requests, it can be used to probe internal services or metadata endpoints accessible from the agent, so network access policies should be considered.
Persistence & Privilege
Default privileges (always: false, model invocation enabled). The skill does not request persistent or elevated platform privileges and does not modify other skills or system configuration.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install emily-web-fetch - 安装完成后,直接呼叫该 Skill 的名称或使用
/emily-web-fetch触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.5
- Major cleanup: removed redundant and nested files, keeping only the main index.js.
- Simplified skill structure to improve maintainability.
- No changes to functionality or user experience.
v1.0.4
- Added several new files to support nested skill structure.
- Updated metadata and main index files to align with the new layout.
- No changes to end-user functionality.
v1.0.3
- Initial release of emily-web-fetch as a standalone skill package
- Added core files: SKILL.md, index.js, openclaw.json, and package.json
- Updated metadata for the new skill structure
- No changes to functionality or documentation content
v1.0.2
- Initial release of emily-web-fetch skill.
- Provides a tool to fetch web pages via HTTP/HTTPS and return up to 5000 characters of text.
- Supports basic static HTML pages; does not fetch JavaScript-rendered content.
- Suitable for retrieving and summarizing news, announcements, or data pages.
v1.0.1
- Added SKILL.md documentation describing the web content fetching capability.
- Clarified tool usage and limitations, including support for static HTML only and a 5000-character content limit.
- Provided usage examples and guidelines for responsible use (respecting robots.txt).
元数据
常见问题
Emily Web Fetch 是什么?
Fetch static webpage content up to 5000 characters via HTTP/HTTPS GET for analysis, summarization, or information extraction. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 962 次。
如何安装 Emily Web Fetch?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install emily-web-fetch」即可一键安装,无需额外配置。
Emily Web Fetch 是免费的吗?
是的,Emily Web Fetch 完全免费(开源免费),可自由下载、安装和使用。
Emily Web Fetch 支持哪些平台?
Emily Web Fetch 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Emily Web Fetch?
由 emilyzhang01(@emilyzhang01)开发并维护,当前版本 v1.0.5。
推荐 Skills