From b5c0de0a4607bcca701202a4f34da408ae1f012a Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
 <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Thu, 23 Apr 2026 11:44:55 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=20[security]=20Add=20timeout=20to?=
 =?UTF-8?q?=20requests.get=20calls=20in=20SkillFetcher?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Added a 10-second timeout to all HTTP GET requests in `claw2manus/fetcher.py` to prevent the application from hanging indefinitely when fetching remote skills or discovering authors.

Affected methods:
- `fetch_skill_from_github`
- `fetch_skill_from_clawhub_website`
- `discover_author_via_github`

Co-authored-by: frostmute <989225+frostmute@users.noreply.github.com>
---
 claw2manus/fetcher.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/claw2manus/fetcher.py b/claw2manus/fetcher.py
index 84ad7c6..e46324b 100644
--- a/claw2manus/fetcher.py
+++ b/claw2manus/fetcher.py
@@ -11,7 +11,7 @@ class SkillFetcher:
     def fetch_skill_from_github(self, author: str, name: str) -> str | None:
         url = self.CLAW_HUB_RAW_GITHUB_URL.format(author=author, name=name)
         try:
-            response = requests.get(url)
+            response = requests.get(url, timeout=10)
             response.raise_for_status()  # Raise an exception for HTTP errors
             return response.text
         except requests.exceptions.RequestException as e:
@@ -22,7 +22,7 @@ def fetch_skill_from_clawhub_website(self, name: str) -> str | None:
         """Scrapes SKILL.md content from clawhub.ai."""
         url = self.CLAW_HUB_WEBSITE_URL.format(name=name)
         try:
-            response = requests.get(url)
+            response = requests.get(url, timeout=10)
             response.raise_for_status()
             soup = BeautifulSoup(response.text, 'html.parser')
             
@@ -46,7 +46,7 @@ def discover_author_via_github(self, name: str) -> str | None:
         url = self.GITHUB_SEARCH_API_URL.format(name=name)
         headers = {"Accept": "application/vnd.github.v3+json"}
         try:
-            response = requests.get(url, headers=headers)
+            response = requests.get(url, headers=headers, timeout=10)
             response.raise_for_status()
             data = response.json()
             if data.get("total_count", 0) > 0: