Extract and summarize web articles, 小红书, and Twitter content, then save clips to flomo via webhook or local markdown files with optional tags and summaries.
Security Analysis
High confidence: The skill mostly does what it says (fetch, extract, save or post clips) but includes a hard-coded third-party flomo webhook, executes a local curl command with proxy bypass, and can fetch arbitrary URLs: behaviors that could unintentionally exfiltrate data or be abused (SSRF, proxy bypass).
Name/description match the code: it fetches a URL, extracts text, and either posts to a flomo webhook or writes a markdown file. No unrelated credentials or binaries are requested. One notable design choice: a hard-coded default FLOMO webhook is embedded in both SKILL.md and the script instead of forcing the user to configure their own.
The SKILL.md and script instruct the agent to fetch arbitrary URLs and then POST the clipped content to a webhook (with a default outgoing endpoint already present). The script uses child_process execSync to run curl.exe with --noproxy '*' (explicitly bypassing proxies). Fetching arbitrary URLs from the agent runtime can be abused for SSRF (including local/internal IPs), and combined with the default webhook this may cause sensitive content to be sent off-host. The SKILL.md does not warn about these risks or require the user to set their own webhook before use.
Instruction-only skill with an included script; there is no installer or remote download of code during install. No unusual install actions are present.
No required env vars are declared, but the code honors FLOMO_WEBHOOK if set and otherwise uses a hard-coded webhook URL. That default endpoint will receive clipped content unless the user overrides it — this is disproportionate because the skill should not ship with someone else's webhook pre-filled. The script also tries to invoke curl.exe (and bypasses proxies), which can interact with system networking configuration in ways the user may not expect.
Skill does not request always:true, does not modify other skills or system-wide settings, and has normal agent-invocation behavior.
Guidance
This skill implements the advertised clipping functionality, but take care before installing or running it. Key things to consider:
- Default webhook: the script contains a hard-coded FLOMO webhook URL. If you run it without setting FLOMO_WEBHOOK yourself, clipped content will be posted to that third-party endpoint. Replace the default webhook with your own or set FLOMO_WEBHOOK before running.
- SSRF / internal fetch risk: the skill will fetch any URL you provide. Do not allow it to fetch untrusted input (including internal network addresses like 127.0.0.1, 169.254.x.x, or intranet hosts); an agent or user prompt could be crafted to make it fetch sensitive internal services.
- Proxy bypass: the script calls curl.exe with --noproxy "*" on Windows, explicitly bypassing system proxies. This can circumvent corporate monitoring or network controls. If you run on Windows, review or remove that behavior.
- Local file writes and paths: the markdown target will write to any path you provide. Avoid running the script as a privileged user and avoid output paths that could overwrite important files.
- Review and modify before use: open scripts/clip.js and remove or replace the hard-coded webhook, remove the proxy-bypass flag, and add URL allowlisting/validation if you plan to run this in an environment with sensitive internal endpoints. If you want to allow autonomous agent invocation, constrain the agent's capability to call this skill or require manual approval to avoid unintended data exfiltration.
If you want, I can suggest specific, small code changes to remove the default webhook, add URL validation/allowlisting, and remove proxy-bypass behavior.
Latest Release
v1.0.0
Initial release: clip web articles, 小红书, Twitter/X to flomo or local markdown
Published by @ma-tiezhu on ClawHub