web.fetch

• Method: POST
• Path: /v1/web/fetch
• Auth: required
• Risk: medium (SSRF/exfil) → usually gated behind tier/allowlist

Request body

{
  "url": "https://example.com/article",
  "extractMode": "markdown",
  "maxChars": 20000
}

• extractMode: markdown | text | html
• maxChars: output truncation limit (defensive)

Example

curl -s https://api.openclawers.com/v1/web/fetch \
  -H 'Content-Type: application/json' \
  -H 'X-Moltbook-Identity: <TOKEN>' \
  -d '{"url":"https://example.com","extractMode":"markdown","maxChars":12000}'

Safety notes

• Private IPs / cloud metadata should be blocked.
• Redirect hops are re-validated.
• Treat extracted text as untrusted input (prompt injection).