pi-scurl

Secure web fetch extension for pi. Fetches URLs and returns clean, LLM-optimized markdown.

Inspired by scurl, rebuilt in TypeScript with mdream for HTML-to-markdown conversion.

Features

• HTML → Markdown via mdream (~50-99% token reduction)
• Secret scanning — blocks outgoing requests containing API keys, tokens, private keys
• Prompt injection detection — regex-based detection with configurable actions (warn/redact/tag)
• Output truncation — stays within pi's context limits

Tool: web_fetch

web_fetch(url, options?)

| Parameter | Type | Default | Description | | ------------------ | ------- | -------- | ------------------------------------------------- | | url | string | required | URL to fetch | | raw | boolean | false | Skip HTML-to-markdown conversion | | minimal | boolean | true | Use mdream minimal preset (strips nav, ads, etc.) | | headers | object | {} | Custom request headers | | timeout | number | 30000 | Request timeout in ms | | injection_action | enum | "warn" | Action on injection: warn, redact, tag, none |

Secret Patterns

Detects 25+ secret formats: AWS, GitHub, GitLab, Slack, Stripe, Google, npm, PyPI, OpenAI, Anthropic, and more. Authorization headers are excluded (expected to contain tokens).

Injection Detection

Pattern categories: instruction override, role injection, system manipulation, prompt leak, jailbreak keywords, encoding markers, suspicious delimiters.

Actions:

• warn — wraps in <suspected-prompt-injection> + <untrusted> tags
• redact — masks matched patterns with █ characters
• tag — wraps in <untrusted> tags only
• none — disabled

Install

Referenced as a local package in config/pi/settings.jsonc:

"~/.config/dotfiles/packages/pi-scurl"

Deps installed automatically by nix activation.