Oathe Security Badge

Is alexxxiong/web-fetcher safe?

https://clawhub.ai/alexxxiong/web-fetcher

92
SAFE

This is a legitimate web scraping tool for fetching articles and videos from various platforms including WeChat, Feishu, Bilibili, and YouTube. The code appears well-structured with appropriate use of established libraries like yt-dlp and Mozilla Readability.js. No evidence of malicious behavior, data exfiltration, or prompt injection was detected.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (5)

INFO Contains executable Python and JavaScript code -15

The skill includes Python scripts for web scraping and the Mozilla Readability.js library. All code appears legitimate for the stated web scraping functionality.

LOW Web scraping tool fetches external content -10

As a web scraping tool, this skill inherently fetches content from external URLs, which could theoretically be misused if given malicious URLs.

LOW External content processing risk -15

The tool processes content from external websites, which could potentially contain malicious payloads, though the tool appears to handle this appropriately.

INFO Network connections during installation -5

Normal network activity to clawhub.ai for skill installation and legitimate web scraping domains.

INFO Fetches external content -5

While the skill itself contains no prompt injection, it fetches external content that could theoretically contain injection attempts.