fix: expand SSRF guard coverage

src/agents/skills-install.ts

@@ -5,6 +5,7 @@ import { Readable } from "node:stream";
 import { pipeline } from "node:stream/promises";
 import type { OpenClawConfig } from "../config/config.js";
 import { resolveBrewExecutable } from "../infra/brew.js";
+import { fetchWithSsrFGuard } from "../infra/net/fetch-guard.js";
 import { runCommandWithTimeout } from "../process/exec.js";
 import { CONFIG_DIR, ensureDir, resolveUserPath } from "../utils.js";
 import {
@@ -176,10 +177,11 @@ async function downloadFile(
   destPath: string,
   timeoutMs: number,
 ): Promise<{ bytes: number }> {
-  const controller = new AbortController();
-  const timeout = setTimeout(() => controller.abort(), Math.max(1_000, timeoutMs));
+  const { response, release } = await fetchWithSsrFGuard({
+    url,
+    timeoutMs: Math.max(1_000, timeoutMs),
+  });
   try {
-    const response = await fetch(url, { signal: controller.signal });
     if (!response.ok || !response.body) {
       throw new Error(`Download failed (${response.status} ${response.statusText})`);
     }
@@ -193,7 +195,7 @@ async function downloadFile(
     const stat = await fs.promises.stat(destPath);
     return { bytes: stat.size };
   } finally {
-    clearTimeout(timeout);
+    await release();
   }
 }
 

src/agents/tools/web-fetch.ts

@@ -394,10 +394,12 @@ async function runWebFetch(params: {
       url: params.url,
       maxRedirects: params.maxRedirects,
       timeoutMs: params.timeoutSeconds * 1000,
-      headers: {
-        Accept: "*/*",
-        "User-Agent": params.userAgent,
-        "Accept-Language": "en-US,en;q=0.9",
+      init: {
+        headers: {
+          Accept: "*/*",
+          "User-Agent": params.userAgent,
+          "Accept-Language": "en-US,en;q=0.9",
+        },
       },
     });
     res = result.response;