feat: server-side save-skill API for Chrome extension (#66)

* feat: move extension save-skill to server-side API

Chrome Web Store rejected the content script approach since it doesn't
inject on pre-existing tabs. Move webpage-to-skill conversion from
client-side to a server-side API route that uses Turndown + weighted
tag detection, eliminating the need for content scripts entirely.

- Add POST /api/save-skill route with SSRF protection and rate limiting
- Rewrite extension to call API with tab URL instead of injecting scripts
- Remove content script, scripting permission, and turndown dependency
- Add name field validation and YAML-escape source URLs
- Bump extension manifest to v1.18.0

* fix: update privacy policy and store listing for server-side save

Privacy policy previously stated "no external requests" which is now
inaccurate. Updated to clearly disclose that the page URL is sent to
agenstskills.com for processing, what data is NOT sent, and that
nothing is stored server-side.

Store listing updated to match: removed "no server" claims, added
data flow explanation, permissions justifications, and data usage
disclosure section for the Chrome Web Store Privacy tab.

* fix: address Devin and CodeRabbit review findings

- Fix SSRF IPv6 checks blocking legit domains (ffmpeg.org, fdroid.org)
  by requiring colon in fc00:/ff prefixes (Devin)
- Add 5MB response body size limit to prevent OOM on large pages,
  applied to both extractFromUrl and fetchGitHubContent (CodeRabbit)
- Guard response.json() in callSaveApi against non-JSON error pages
  from proxies returning HTML 502/504 (CodeRabbit)
- YAML-escape source URL in buildSelectionSkill to match server-side
  handling of URLs with #, :, or query strings (CodeRabbit)

Author: rohitg00

docs/fumadocs/package.json

@@ -21,14 +21,16 @@
     "next-themes": "^0.4.6",
     "react": "^19.2.3",
     "react-dom": "^19.2.3",
-    "tailwind-merge": "^3.4.0"
+    "tailwind-merge": "^3.4.0",
+    "turndown": "^7.2.2"
   },
   "devDependencies": {
     "@tailwindcss/postcss": "^4.1.18",
     "@types/mdx": "^2.0.13",
     "@types/node": "^24.10.2",
     "@types/react": "^19.2.7",
     "@types/react-dom": "^19.2.3",
+    "@types/turndown": "^5.0.6",
     "postcss": "^8.5.6",
     "tailwindcss": "^4.1.18",
     "typescript": "^5.9.3"

docs/fumadocs/src/app/api/save-skill/route.ts

@@ -0,0 +1,291 @@
+import { NextRequest, NextResponse } from 'next/server';
+import TurndownService from 'turndown';
+
+const rateLimitMap = new Map<string, { count: number; resetTime: number }>();
+const RATE_LIMIT_WINDOW_MS = 60 * 1000;
+const RATE_LIMIT_MAX_REQUESTS = 10;
+
+function checkRateLimit(key: string): { allowed: boolean; remaining: number } {
+  const now = Date.now();
+  const entry = rateLimitMap.get(key);
+
+  if (!entry || now > entry.resetTime) {
+    rateLimitMap.set(key, { count: 1, resetTime: now + RATE_LIMIT_WINDOW_MS });
+    return { allowed: true, remaining: RATE_LIMIT_MAX_REQUESTS - 1 };
+  }
+
+  if (entry.count >= RATE_LIMIT_MAX_REQUESTS) {
+    return { allowed: false, remaining: 0 };
+  }
+
+  entry.count++;
+  return { allowed: true, remaining: RATE_LIMIT_MAX_REQUESTS - entry.count };
+}
+
+const BLOCKED_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]', '::1', '0.0.0.0']);
+
+function isAllowedUrl(url: string): boolean {
+  try {
+    const parsed = new URL(url);
+    if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return false;
+
+    const hostname = parsed.hostname.toLowerCase();
+    const bare = hostname.replace(/^\[|\]$/g, '');
+
+    if (BLOCKED_HOSTS.has(hostname) || BLOCKED_HOSTS.has(bare)) return false;
+    if (bare.startsWith('::ffff:')) return isAllowedUrl(`http://${bare.slice(7)}`);
+    if (/^127\./.test(bare) || /^0\./.test(bare)) return false;
+    if (bare.startsWith('10.') || bare.startsWith('192.168.')) return false;
+    if (/^172\.(1[6-9]|2\d|3[01])\./.test(bare)) return false;
+    if (bare.startsWith('169.254.')) return false;
+    if (bare.startsWith('fe80:') || bare.startsWith('fc00:') || bare.startsWith('fd')) return false;
+    if (/^(22[4-9]|23\d|24\d|25[0-5])\./.test(bare)) return false;
+    if (/^ff[0-9a-f]{2}:/.test(bare)) return false;
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+const GITHUB_URL_PATTERN = /^https?:\/\/github\.com\/([^/]+)\/([^/]+)\/blob\/([^/]+)\/(.+)$/;
+const GITHUB_RAW_PATTERN = /^https?:\/\/raw\.githubusercontent\.com\//;
+const FETCH_TIMEOUT = 30_000;
+
+const TECH_KEYWORDS = new Set([
+  'react', 'vue', 'angular', 'svelte', 'nextjs', 'nuxt', 'remix',
+  'typescript', 'javascript', 'python', 'rust', 'go', 'java', 'ruby',
+  'node', 'deno', 'bun', 'docker', 'kubernetes', 'terraform',
+  'aws', 'gcp', 'azure', 'vercel', 'netlify', 'cloudflare',
+  'graphql', 'rest', 'grpc', 'websocket', 'redis', 'postgres',
+  'mongodb', 'sqlite', 'mysql', 'prisma', 'drizzle',
+  'tailwind', 'css', 'html', 'sass', 'webpack', 'vite', 'esbuild',
+  'git', 'ci', 'cd', 'testing', 'security', 'authentication',
+  'api', 'cli', 'sdk', 'mcp', 'llm', 'ai', 'ml', 'openai', 'anthropic',
+]);
+
+const TAG_PATTERN = /^[a-z0-9]+(-[a-z0-9]+)*$/;
+
+const turndown = new TurndownService({ headingStyle: 'atx', codeBlockStyle: 'fenced' });
+
+interface ExtractedContent {
+  title: string;
+  content: string;
+  sourceUrl: string;
+  contentType: string;
+  language?: string;
+}
+
+async function extractFromUrl(url: string): Promise<ExtractedContent> {
+  if (GITHUB_URL_PATTERN.test(url) || GITHUB_RAW_PATTERN.test(url)) {
+    return fetchGitHubContent(url);
+  }
+
+  const MAX_BODY_SIZE = 5 * 1024 * 1024;
+  const response = await fetch(url, { signal: AbortSignal.timeout(FETCH_TIMEOUT) });
+  if (!response.ok) {
+    throw new Error(`Failed to fetch ${url}: ${response.status} ${response.statusText}`);
+  }
+
+  const contentLength = Number(response.headers.get('content-length') || '0');
+  if (contentLength > MAX_BODY_SIZE) {
+    throw new Error('Response too large');
+  }
+
+  const contentType = response.headers.get('content-type') ?? '';
+  const body = await response.text();
+  if (body.length > MAX_BODY_SIZE) {
+    throw new Error('Response too large');
+  }
+
+  if (contentType.includes('text/html')) {
+    const titleMatch = body.match(/<title[^>]*>([^<]+)<\/title>/i);
+    const title = titleMatch?.[1]?.trim() ?? new URL(url).hostname;
+    const bodyMatch = body.match(/<body[^>]*>([\s\S]*)<\/body>/i);
+    const content = turndown.turndown(bodyMatch?.[1] ?? body);
+    return { title, content, sourceUrl: url, contentType: 'webpage' };
+  }
+
+  const title = new URL(url).pathname.split('/').pop() ?? 'Untitled';
+  return { title, content: body, sourceUrl: url, contentType: 'text' };
+}
+
+const LANG_MAP: Record<string, string> = {
+  '.ts': 'typescript', '.tsx': 'typescript', '.js': 'javascript', '.jsx': 'javascript',
+  '.py': 'python', '.rb': 'ruby', '.go': 'go', '.rs': 'rust', '.java': 'java',
+  '.kt': 'kotlin', '.swift': 'swift', '.sh': 'shell', '.yml': 'yaml', '.yaml': 'yaml',
+  '.json': 'json', '.md': 'markdown', '.html': 'html', '.css': 'css', '.sql': 'sql',
+};
+
+async function fetchGitHubContent(url: string): Promise<ExtractedContent> {
+  let rawUrl = url;
+  const match = url.match(GITHUB_URL_PATTERN);
+  if (match) {
+    const [, owner, repo, branch, path] = match;
+    rawUrl = `https://raw.githubusercontent.com/${owner}/${repo}/${branch}/${path}`;
+  }
+
+  const MAX_BODY_SIZE = 5 * 1024 * 1024;
+  const response = await fetch(rawUrl, { signal: AbortSignal.timeout(FETCH_TIMEOUT) });
+  if (!response.ok) {
+    throw new Error(`Failed to fetch GitHub content: ${response.status} ${response.statusText}`);
+  }
+
+  const contentLength = Number(response.headers.get('content-length') || '0');
+  if (contentLength > MAX_BODY_SIZE) {
+    throw new Error('Response too large');
+  }
+
+  const body = await response.text();
+  if (body.length > MAX_BODY_SIZE) {
+    throw new Error('Response too large');
+  }
+  const filename = rawUrl.split('/').pop() ?? 'file';
+  const ext = filename.includes('.') ? '.' + filename.split('.').pop()!.toLowerCase() : '';
+  const language = LANG_MAP[ext];
+  const isCode = language !== undefined && language !== 'markdown';
+  const content = isCode ? `\`\`\`${language}\n${body}\n\`\`\`` : body;
+
+  return { title: filename, content, sourceUrl: url, contentType: 'github', language };
+}
+
+function addTag(counts: Map<string, number>, tag: string, weight: number): void {
+  if (TAG_PATTERN.test(tag)) {
+    counts.set(tag, (counts.get(tag) ?? 0) + weight);
+  }
+}
+
+function detectTags(extracted: ExtractedContent): string[] {
+  const counts = new Map<string, number>();
+
+  try {
+    const segments = new URL(extracted.sourceUrl).pathname
+      .split('/').filter(Boolean)
+      .map((s) => s.toLowerCase().replace(/[^a-z0-9-]/g, ''));
+    for (const seg of segments) {
+      if (seg.length >= 2 && seg.length <= 30) {
+        addTag(counts, seg, 2);
+      }
+    }
+  } catch { /* skip */ }
+
+  const headingRe = /^#{1,2}\s+(.+)$/gm;
+  let m: RegExpExecArray | null;
+  while ((m = headingRe.exec(extracted.content)) !== null) {
+    for (const word of m[1].toLowerCase().split(/\s+/)) {
+      const cleaned = word.replace(/[^a-z0-9-]/g, '');
+      if (cleaned.length >= 2) {
+        addTag(counts, cleaned, 2);
+      }
+    }
+  }
+
+  const codeBlockRe = /^```(\w+)/gm;
+  while ((m = codeBlockRe.exec(extracted.content)) !== null) {
+    const lang = m[1].toLowerCase();
+    if (lang.length >= 2) {
+      addTag(counts, lang, 3);
+    }
+  }
+
+  const lower = extracted.content.toLowerCase();
+  for (const keyword of TECH_KEYWORDS) {
+    if (new RegExp(`\\b${keyword}\\b`, 'i').test(lower)) {
+      addTag(counts, keyword, 1);
+    }
+  }
+
+  if (extracted.language) {
+    addTag(counts, extracted.language.toLowerCase(), 3);
+  }
+
+  return Array.from(counts.entries())
+    .sort((a, b) => b[1] - a[1])
+    .slice(0, 10)
+    .map(([tag]) => tag);
+}
+
+function slugify(input: string): string {
+  const slug = input
+    .toLowerCase()
+    .replace(/[^a-z0-9]+/g, '-')
+    .replace(/^-+|-+$/g, '')
+    .replace(/-{2,}/g, '-');
+  return slug.slice(0, 64).replace(/-+$/, '') || 'untitled-skill';
+}
+
+function yamlEscape(value: string): string {
+  const singleLine = value.replace(/\r?\n/g, ' ').trim();
+  if (/[:#{}[\],&*?|>!%@`]/.test(singleLine) || singleLine.startsWith("'") || singleLine.startsWith('"')) {
+    return `"${singleLine.replace(/\\/g, '\\\\').replace(/"/g, '\\"')}"`;
+  }
+  return singleLine;
+}
+
+export async function POST(request: NextRequest) {
+  const ip = request.headers.get('x-forwarded-for')?.split(',')[0]?.trim() ?? 'unknown';
+  const { allowed, remaining } = checkRateLimit(ip);
+
+  if (!allowed) {
+    return NextResponse.json(
+      { error: 'Too many requests. Try again in a minute.' },
+      { status: 429, headers: { 'X-RateLimit-Remaining': '0', 'Retry-After': '60' } },
+    );
+  }
+
+  let body: { url?: string; name?: string };
+  try {
+    body = await request.json();
+  } catch {
+    return NextResponse.json({ error: 'Invalid JSON body' }, { status: 400 });
+  }
+
+  const { url, name } = body;
+  if (!url || typeof url !== 'string') {
+    return NextResponse.json({ error: 'Missing required field: url' }, { status: 400 });
+  }
+
+  if (name !== undefined && typeof name !== 'string') {
+    return NextResponse.json({ error: 'Field "name" must be a string' }, { status: 400 });
+  }
+
+  if (!isAllowedUrl(url)) {
+    return NextResponse.json({ error: 'URL not allowed' }, { status: 403 });
+  }
+
+  try {
+    const extracted = await extractFromUrl(url);
+    const tags = detectTags(extracted);
+
+    const skillName = slugify(name || extracted.title || 'untitled');
+    const description = extracted.content
+      .split('\n')
+      .find((l) => l.trim().length > 0)
+      ?.replace(/^#+\s*/, '')
+      .trim()
+      .slice(0, 200) || 'Saved skill';
+    const savedAt = new Date().toISOString();
+
+    const yamlTags = tags.length > 0
+      ? `tags:\n${tags.map((t) => `  - ${t}`).join('\n')}\n`
+      : '';
+
+    const skillMd =
+      `---\n` +
+      `name: ${skillName}\n` +
+      `description: ${yamlEscape(description)}\n` +
+      yamlTags +
+      `metadata:\n` +
+      `  source: ${yamlEscape(url)}\n` +
+      `  savedAt: ${savedAt}\n` +
+      `---\n\n` +
+      extracted.content + '\n';
+
+    return NextResponse.json(
+      { name: skillName, skillMd, tags, description },
+      { headers: { 'X-RateLimit-Remaining': String(remaining) } },
+    );
+  } catch (err) {
+    const message = err instanceof Error ? err.message : 'Failed to extract content';
+    return NextResponse.json({ error: message }, { status: 502 });
+  }
+}

docs/skillkit/public/privacy.html

@@ -24,21 +24,30 @@
   <div class="container">
     <a href="/" class="back">&larr; Back to SkillKit</a>
     <h1>Privacy Policy</h1>
-    <p class="updated">Last updated: February 10, 2026</p>
+    <p class="updated">Last updated: February 14, 2026</p>
 
     <h2>Overview</h2>
     <p>SkillKit ("we", "our", "us") is an open-source CLI tool and Chrome extension for managing AI agent skills. We are committed to protecting your privacy. This policy explains what data we collect (or don't) across all SkillKit products.</p>
 
     <h2>Chrome Extension — "SkillKit - Save as Skill"</h2>
-    <p>The Chrome extension operates entirely within your browser. It does not collect, transmit, or store any personal data externally.</p>
+    <p>The Chrome extension helps you save webpages as AI agent skill files.</p>
     <ul>
-      <li><strong>No data collection:</strong> We do not collect browsing history, page content, personal information, or any other user data.</li>
-      <li><strong>No external requests:</strong> The extension makes zero network requests. All processing (HTML to markdown conversion, SKILL.md generation) happens locally in your browser.</li>
+      <li><strong>What data is sent:</strong> When you click "Save as Skill", the extension sends the URL of the current page to our server at <code>agenstskills.com/api/save-skill</code>. This is required to fetch and convert the webpage content into a skill file.</li>
+      <li><strong>What data is NOT sent:</strong> We do not send page content, browsing history, personal information, cookies, authentication tokens, or any data beyond the single URL you choose to save.</li>
+      <li><strong>No data stored on server:</strong> The URL is processed in real time to extract content, generate tags, and build the skill file. No URLs, page content, or user data are stored, logged, or retained on the server after the response is returned.</li>
+      <li><strong>Selection saves are local:</strong> When you save selected text via the right-click menu, the skill file is built entirely in the browser with no network requests.</li>
       <li><strong>No analytics or tracking:</strong> We do not use any analytics, telemetry, or tracking services.</li>
-      <li><strong>Local storage only:</strong> The Chrome storage API is used solely to store user preferences (e.g., default settings) on your device. This data never leaves your browser.</li>
+      <li><strong>No user accounts:</strong> No login, API key, or account is required.</li>
       <li><strong>Downloads:</strong> Generated skill files are saved to your local filesystem via the Chrome Downloads API. No files are uploaded anywhere.</li>
     </ul>
 
+    <h2>Permissions Used</h2>
+    <ul>
+      <li><strong>activeTab:</strong> Read the URL and title of the tab you are viewing when you click the extension. Only accessed when you actively use the extension.</li>
+      <li><strong>contextMenus:</strong> Add "Save page as Skill" and "Save selection as Skill" to the right-click menu.</li>
+      <li><strong>downloads:</strong> Save the generated SKILL.md file to your Downloads folder.</li>
+    </ul>
+
     <h2>CLI Tool</h2>
     <p>The SkillKit CLI runs entirely on your local machine. It does not phone home, collect telemetry, or transmit any data to external servers unless you explicitly use network features (e.g., <code>skillkit install</code> fetches public GitHub repositories).</p>
 
@@ -49,10 +58,10 @@ <h2>Website</h2>
     <p>The SkillKit website (<a href="https://agenstskills.com">agenstskills.com</a>) is a static site hosted on Vercel. We do not use cookies, analytics trackers, or collect personal information. Vercel may collect standard web server logs (IP address, user agent) as described in their <a href="https://vercel.com/legal/privacy-policy">privacy policy</a>.</p>
 
     <h2>Third-Party Services</h2>
-    <p>SkillKit does not integrate with any third-party data processors, advertising networks, or analytics services.</p>
+    <p>The Chrome extension communicates with <code>agenstskills.com</code> (our own server, hosted on Vercel) to process webpage URLs. No third-party data processors, advertising networks, or analytics services are used.</p>
 
     <h2>Data Retention</h2>
-    <p>We do not retain any user data because we do not collect any user data.</p>
+    <p>We do not retain any user data. URLs sent to the API are processed in memory and discarded immediately after the response.</p>
 
     <h2>Changes to This Policy</h2>
     <p>We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date.</p>

packages/extension/package.json

@@ -9,12 +9,9 @@
     "dev": "tsup --watch",
     "typecheck": "tsc --noEmit"
   },
-  "dependencies": {
-    "turndown": "^7.2.2"
-  },
+  "dependencies": {},
   "devDependencies": {
     "@types/chrome": "^0.0.280",
-    "@types/turndown": "^5.0.6",
     "tsup": "^8.3.5",
     "typescript": "^5.7.2"
   }