← 返回 Skills 市场
tiantian-douba

Web Fetch Fallback

作者 TianTian-DouBa · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
74
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install web-fetch-fallback
功能描述
Fetch web content using curl as a fallback when web_fetch is blocked due to private, internal, or special-use IP address restrictions.
安全使用建议
This skill is coherent with its purpose but is explicitly designed to bypass platform IP restrictions — that is risky. Before installing or using it: 1) Ensure curl is available on the agent host (the metadata should declare curl as a required binary). 2) Restrict use to trusted, internal URLs and avoid passing untrusted user input directly into the fetch command to reduce SSRF/exfiltration risk. 3) Prefer running it only when explicitly invoked by a user (not autonomously), and consider adding domain whitelisting or additional URL validation. 4) Be cautious about sending Authorization headers or other secrets via this fallback; treat such uses as sensitive and audit their usage.
功能分析
Type: OpenClaw Skill Name: web-fetch-fallback Version: 1.0.0 The 'web-fetch-fallback' skill is explicitly designed to bypass OpenClaw's built-in SSRF (Server-Side Request Forgery) protections. The instructions in SKILL.md direct the AI agent to use curl via the exec tool specifically when the standard web_fetch tool blocks access to private, internal, or special-use IP addresses. While the documentation includes caveats about using it only for trusted internal services, providing a functional mechanism to circumvent security controls and access internal network resources is a high-risk capability that could be exploited for unauthorized internal discovery or data exfiltration.
能力标签
requires-oauth-tokenrequires-sensitive-credentials
能力评估
Purpose & Capability
The skill's behavior (use curl to fetch web content when web_fetch blocks private/internal IPs) matches its name and description. One minor incoherence: the registry metadata lists no required binaries, yet the script and instructions rely on curl (and examples reference html2text). The skill should declare curl as a required binary.
Instruction Scope
The SKILL.md explicitly instructs the agent to bypass OpenClaw's IP-based security checks and run curl against internal/private addresses. While that is the stated purpose, it is high-risk because it enables accessing internal services and can facilitate SSRF or inadvertent data exposure if used on untrusted input. The instructions do not attempt to enforce domain whitelisting or automated URL validation beyond recommending best practices.
Install Mechanism
No install spec (instruction-only plus a simple reference shell script). Nothing is downloaded or installed by the skill itself, which is a low-risk install surface.
Credentials
The skill does not request environment variables or credentials. The script includes an example header for Authorization, but that is optional and user-supplied; no undeclared secrets or unrelated credentials are requested by the skill.
Persistence & Privilege
The skill does not request permanent presence (always is false) and does not modify other skills or system-wide settings. It runs only when invoked.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install web-fetch-fallback
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /web-fetch-fallback 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the web-fetch-fallback skill. - Provides guidance and best practices for using curl as a fallback when web_fetch blocks requests to private/internal/special-use IP addresses. - Includes example curl commands for fetching content, using custom headers, saving output, and handling timeouts. - Outlines limitations, security considerations, and recommended workflows for safe usage. - Reference to a reusable curl script and detailed curl exit code meanings included.
元数据
Slug web-fetch-fallback
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Web Fetch Fallback 是什么?

Fetch web content using curl as a fallback when web_fetch is blocked due to private, internal, or special-use IP address restrictions. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 74 次。

如何安装 Web Fetch Fallback?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install web-fetch-fallback」即可一键安装,无需额外配置。

Web Fetch Fallback 是免费的吗?

是的,Web Fetch Fallback 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Web Fetch Fallback 支持哪些平台?

Web Fetch Fallback 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Web Fetch Fallback?

由 TianTian-DouBa(@tiantian-douba)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论