johstracke

URL Fetcher

Author: johstracke · GitHub · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 1453
Favorites: 0
Current installs: 0
Number of versions: 1
Install in OpenClaw
/install url-fetcher
Description
Fetch and save web content using only Python stdlib with URL and path validation, basic HTML-to-markdown conversion, and no API keys or external dependencies.
Security usage recommendations
This skill appears to do what it says (fetch pages, basic HTML→MD conversion) and uses only Python stdlib, but its security checks are incomplete. Before installing or enabling autonomous use:
  - Review the code yourself (or have a developer do so). Pay attention to the URL validation and path checks.
  - Do not allow the agent to fetch arbitrary user-provided URLs without restrictions — the script does not prevent requests to private IP ranges or domains that resolve to internal addresses (SSRF risk).
  - Prefer running the script in a sandbox or container and avoid giving it broad autonomous invocation rights for open-ended inputs.
  - If you plan to save output files, prefer restricting outputs to a dedicated workspace directory (remove Path.home() from SAFE_PATHS or replace it with a specific workspace path) and implement robust path checks (resolve and ensure the final path is inside an allowlist directory; avoid substring-based blocklists).
  - Consider hardening URL checks: resolve hostnames and validate the resulting IP is public; explicitly block 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, link-local and other reserved ranges.
If you cannot review/modify the code, treat this skill as untrusted and run only in an isolated environment. These weaknesses look like sloppy/insufficient validation rather than intentional harm, but they materially increase risk, so exercise caution.
Functional analysis
Type: OpenClaw Skill
Name: url-fetcher
Version: 1.0.0
The skill is classified as benign. It provides a simple URL fetching utility using only Python's standard library. The code includes explicit and robust security measures, such as `is_safe_path()` in `scripts/url_fetcher.py` to prevent file writes to sensitive system directories or dotfiles (e.g., ~/.ssh, /etc), and URL validation to block `file://`, `data://`, `javascript:` schemes, as well as explicit localhost/internal IP addresses. The `SKILL.md` documentation clearly outlines these security features and limitations, and does not contain any prompt injection attempts or instructions for malicious behavior. While there's a theoretical, more advanced SSRF bypass possible via DNS resolution to internal IPs, the skill actively attempts to prevent SSRF for common cases and its overall design demonstrates a clear intent for secure operation within its stated purpose.
Capability assessment
Purpose & Capability
Name, SKILL.md, and the included script are aligned: the code fetches HTTP/HTTPS pages, can convert basic HTML to markdown, and can write output files. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
SKILL.md claims robust URL and path validation and blocks internal hosts. The script attempts such checks, but they are incomplete: it only blocks a short hostname list (localhost, 127.0.0.1, ::1, 0.0.0.0) and does not detect or block private IP ranges (10/8, 172.16/12, 192.168/16) or domains that resolve to internal addresses — so SSRF / internal scanning risks remain. Path validation allows any path under the user's home directory (Path.home()), relying on substring checks to exclude some dotfiles; substring blocking is brittle and can be bypassed. The skill does not access any other system files/credentials, nor does SKILL.md instruct the agent to do so.
Install Mechanism
No install spec and no external package downloads; the bundle contains a Python script using only the stdlib. This is low-risk versus remote installers or archives.
Credentials
The skill requests no environment variables, credentials, or config paths. The script performs network requests only to user-provided URLs and writes to user-supplied file paths, which is proportional to its purpose.
Persistence & Privilege
The skill is not forced-always, and it does not modify other skills or global agent settings. Autonomous invocation is allowed by default but not by itself a reason for concern; consider limiting autonomous URL fetching if you plan to enable it.
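How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install url-fetcher
  3. Once installation completes, invoke the Skill by name or trigger it with /url-fetcher
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history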
v1.0.0
Initial release - Zero-dependency web content fetching. Uses Python stdlib (urllib) only - no API keys, no pip install. Features: fetch HTML/text from URLs, basic HTML to markdown conversion, path-validated file writes, URL validation (blocks localhost/internal). Security: is_safe_path() prevents malicious file writes to system paths and sensitive dotfiles.
Metadata
Slug: url-fetcher
Version: 1.0.0
License:
Total installs: 0
Current installs: 0
Number of past versions: 1
FAQ

What is URL Fetcher?

Fetch and save web content using only Python stdlib with URL and path validation, basic HTML-to-markdown conversion, and no API keys or external dependencies. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1453 total downloads to date.

How do I install URL Fetcher?

Run the command "/install url-fetcher" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is URL Fetcher free?

Yes, URL Fetcher is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does URL Fetcher support?

URL Fetcher runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed URL Fetcher?

It is developed and maintained by johstracke (@johstracke); the current version is v1.0.0.
