Skill

safe-fetch

This skill should be used when the user asks to "fetch a URL safely", "sanitize web content", "search the web securely", "check URL safety", "prevent prompt injection from web content", or discusses web fetching security. Also triggers when curl/wget is used to fetch web content.

Install

npx claudepluginhub fakoli/fakoli-plugins --plugin safe-fetch

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Provide sanitized web fetching that strips prompt injection vectors before content reaches the LLM context.

SKILL.md

Similar Skills

agent-eval

Compares coding agents like Claude Code and Aider on custom YAML-defined codebase tasks using git worktrees, measuring pass rate, cost, time, and consistency.

everything-claude-code

157.7k

agent-harness-construction

Designs and optimizes AI agent action spaces, tool definitions, observation formats, error recovery, and context for higher task completion rates.

everything-claude-code

157.7k

accessibility

Designs, implements, and audits WCAG 2.2 AA accessible UIs for Web (ARIA/HTML5), iOS (SwiftUI traits), and Android (Compose semantics). Audits code for compliance gaps.

everything-claude-code

157.7k

Stats

Parent Repo Stars2

Parent Repo Forks0

Last CommitMar 14, 2026

Actions

View Source View Plugin View on GitHub View README

Safe Web Fetch

Provide sanitized web fetching that strips prompt injection vectors before content reaches the LLM context.

Available Tools

Use the safe-fetch MCP tools for all web content retrieval:

mcp__safe-fetch__fetch — Fetch a URL and return sanitized markdown. Supports prompt parameter for focused extraction and max_tokens for content limits.
mcp__safe-fetch__search — Search the web via Brave Search API with sanitized results. Supports location for geo-localized results.
mcp__safe-fetch__check_url — Validate URL against security policy without fetching.

Slash Commands

/fetch <url> [extraction focus] — Fetch with sanitization
/search <query> — Search with sanitization
/check-url <url> — Validate URL safety

Security Layers

Content passes through 6 defense layers:

URL Policy — Domain allowlist/blocklist, SSRF prevention (blocks private IPs, cloud metadata)
Rate Limiting — Per-domain and global token-bucket limits
HTTP Fetch — Timeouts, redirect limits, body size cap
HTML Sanitization — Strips script/style/iframe/svg, hidden elements (display:none, opacity:0, offscreen), comments, data attributes, meta instructions
Text Sanitization — NFKC normalization, removes zero-width/bidi/tag Unicode, strips fake LLM delimiters, detects base64 instruction payloads, defangs exfiltration URLs
Context Framing — Wraps output with untrusted-data markers

When to Prefer safe-fetch Over curl

Always prefer mcp__safe-fetch__fetch over raw curl because:

curl output is raw HTML — unsanitized, token-heavy, and vulnerable to prompt injection
safe-fetch extracts clean markdown with precision and strips all known injection vectors
The PostToolUse hook will warn when curl/wget is used for web fetching

Configuration

Set via environment variables when registering the MCP server:

ALLOWED_DOMAINS — Comma-separated domain allowlist
BLOCKED_DOMAINS — Additional blocked domains
RATE_LIMIT_PER_DOMAIN — Requests per minute per domain (default: 10)
RATE_LIMIT_GLOBAL — Global requests per minute (default: 60)
BRAVE_API_KEY — Required for web search
SAFE_FETCH_TIMEOUT — HTTP timeout in seconds (default: 30)
SAFE_FETCH_MAX_BODY — Max response body in bytes (default: 5MB)