← 返回 Skills 市场

inline-asset-probe

Name: inline-asset-probe
Author: yibeiqingtian-ai

作者 yibeiqingtian-ai · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ 安全检测通过

153

总下载

当前安装

版本数

在 OpenClaw 中安装

/install inline-asset-probe

功能描述

Fetch a URL with curl/wget, extract inline base64 data URIs, and best-effort decode any content to inspect embedded assets.

使用说明 (SKILL.md)

Inline Asset Probe

Practical utility for quickly extracting inline assets from HTML or CSS and inspecting base64-encoded payloads.

What It Does

Fetches a target URL using curl or wget
Scans for inline data:*;base64, assets and saves them as files
Optionally base64-decodes the entire response as a best-effort probe

Usage

PowerShell:

powershell -ExecutionPolicy Bypass -File run.ps1.txt -Url https://example.com

Save raw response and decode any content:

powershell -ExecutionPolicy Bypass -File run.ps1.txt -Url https://example.com -SaveResponse -DecodeResponse

Limit extracted assets and choose output directory:

powershell -ExecutionPolicy Bypass -File run.ps1.txt -Url https://example.com -OutDir probe_out -MaxAssets 20

Output

probe_out/response.bin when -SaveResponse
probe_out/assets/asset_*.ext for extracted inline assets
probe_out/decoded.bin when -DecodeResponse

Notes

-DecodeResponse performs a best-effort base64 decode of any content by stripping non-base64 characters and padding to a 4-byte boundary.
Works best for HTML/CSS pages with inline data URIs.

安全使用建议

This skill appears coherent with its description, but please consider the following before running: - The included script requires curl or wget on PATH even though registry metadata lists no required binaries; verify you have curl.exe or wget.exe available. The script will throw if neither is found. - The script fetches arbitrary URLs and writes files to disk (default probe_out). Only run it on URLs you trust, or run in an isolated/sandboxed environment to avoid writing potentially malicious payloads to your main filesystem. - The -DecodeResponse option performs a best-effort base64 decode of any bytes and may produce binary blobs; scan extracted files with antivirus and avoid executing them. - Usage examples show running PowerShell with -ExecutionPolicy Bypass; inspect the script yourself before running and avoid permanently lowering execution policy. - Note: on some Windows systems "curl" may be an alias for a PowerShell cmdlet rather than curl.exe; the script prefers curl.exe but may fall back to invoking "curl" or "wget" which can behave differently. If you need stronger assurance: run the script in a disposable VM/container, confirm presence of curl.exe/wget.exe, and review extracted output before opening any files.

功能分析

Type: OpenClaw Skill Name: inline-asset-probe Version: 1.0.0 The 'inline-asset-probe' skill is a utility designed to fetch a URL and extract base64-encoded inline assets (like images or fonts) from the response. The PowerShell script (run.ps1.txt) uses standard system tools (curl or wget) to retrieve content and regex to identify data URIs, which is consistent with its stated purpose. There is no evidence of data exfiltration, persistence mechanisms, or malicious command execution.

能力评估

ℹ Purpose & Capability

The declared purpose (fetch a URL, extract data:...;base64 assets, decode) matches the PowerShell script. Minor inconsistency: registry metadata and 'Required binaries' claims no required binaries, but run.ps1 requires either curl.exe or wget.exe (or a curl/wget on PATH). This is an implementation detail, not a functional mismatch.

✓ Instruction Scope

SKILL.md usage matches the included run.ps1. The script only fetches the given URL (via curl/wget), scans the response for data:*;base64, writes extracted files and optional decoded output to a local OutDir. It does not call external endpoints other than the target URL, does not exfiltrate data, and does not execute downloaded content.

✓ Install Mechanism

No install spec (instruction-only). The skill supplies a PowerShell script that will run directly; nothing is downloaded or installed by the skill itself.

✓ Credentials

The skill requests no environment variables or credentials. It uses standard system paths (TEMP) and writes output to a user-specified directory. This is proportional to its purpose.

✓ Persistence & Privilege

always is false and the skill does not modify agent/system configuration or other skills. It runs ad hoc and writes only to the output directory you provide (default probe_out).

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install inline-asset-probe
安装完成后，直接呼叫该 Skill 的名称或使用 /inline-asset-probe 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of inline-asset-probe. - Fetches a URL using curl or wget and scans for inline base64 data URIs in HTML or CSS. - Extracts and saves detected inline assets as files. - Optionally base64-decodes the entire server response for additional inspection. - Configurable output directory, maximum extracted assets, and response saving via command-line options. - Provides PowerShell scripts for usage and automation.

元数据

Slug inline-asset-probe

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题