Summary
The web_fetch tool and Firecrawl web_fetch provider fail in proxy-only environments (e.g., OpenShell sandboxes) because their code paths don't pass useEnvProxy: true to the SSRF guard, causing DNS pinning to run before the proxy is used.
web_search works correctly because it uses withTrustedWebToolsEndpoint (which passes useEnvProxy: true). web_fetch uses different code paths that don't.
Environment
- OpenClaw v2026.4.9
- Running inside an OpenShell sandbox with HTTP CONNECT proxy (no direct DNS)
- HTTPS_PROXY, HTTP_PROXY, NODE_USE_ENV_PROXY=1 all set
Affected Code Paths
1. Built-in runWebFetch (pi-embedded-*.js)
    // ~line 16154 — calls fetchWithWebToolsNetworkGuard WITHOUT useEnvProxy
    const result = await fetchWithWebToolsNetworkGuard({
      url: params.url,
      maxRedirects: params.maxRedirects,
      timeoutSeconds: params.timeoutSeconds,
      lookupFn: params.lookupFn,
      // missing: useEnvProxy: true
      init: { headers: { ... } }
    });
2. Firecrawl client (firecrawl-client-*.js)
Uses withStrictWebToolsEndpoint which calls withWebToolsNetworkGuard without useEnvProxy: true:
    // web-shared-*.js
    async function withStrictWebToolsEndpoint(params, run) {
      return await withWebToolsNetworkGuard(params, run);
      // missing: { ...params, useEnvProxy: true }
    }
Working path (for comparison)
web_search uses withTrustedWebToolsEndpoint:
    async function withTrustedWebToolsEndpoint(params, run) {
      return await withWebToolsNetworkGuard({
        ...params,
        policy: WEB_TOOLS_TRUSTED_NETWORK_SSRF_POLICY,
        useEnvProxy: true // ← this is what web_fetch is missing
      }, run);
    }
Error
    [tools] web_fetch failed: getaddrinfo EAI_AGAIN example.com
The SSRF guard tries to resolve the target hostname via DNS before checking the proxy, which fails in environments where all DNS must go through the proxy.
v4.9 Partial Fix
v4.9 improved fetch-guard so that TRUSTED_ENV_PROXY mode skips DNS pinning for the target URL (the env proxy check now runs before resolvePinnedHostnameWithPolicy). However, the callers listed above don't set useEnvProxy: true, so the TRUSTED_ENV_PROXY mode is never activated for web_fetch.
Fix
Add useEnvProxy: true to the fetchWithWebToolsNetworkGuard call in runWebFetch, and pass it through in withStrictWebToolsEndpoint. This is a 2-line change.
Related
- globalThis.fetch ignores proxy env vars (same root cause class)
Confirmed on v2026.4.9, Linux x64, systemd gateway, OpenShell v0.0.25 sandbox with HTTP CONNECT proxy.
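The ordering described in this report, modelled as an added JavaScript example that is not OpenClaw's code: a guard that checks the env proxy before DNS only when the caller passes useEnvProxy, run against a constructed proxy-only sandbox whose resolver always fails. planGuardedFetch, envProxyFor, isPrivateIPv4, the PINNED_DNS mode string and the proxy URL are assumptions made for illustration; only useEnvProxy, lookupFn, TRUSTED_ENV_PROXY and the EAI_AGAIN error come from the report.

```javascript
// Added illustration: a simplified model of the guard's decision order,
// not OpenClaw's fetch-guard source. Function names and "PINNED_DNS" are hypothetical.
const PRIVATE_V4 = [/^10\./, /^127\./, /^169\.254\./, /^192\.168\./, /^172\.(1[6-9]|2\d|3[01])\./];
const isPrivateIPv4 = (ip) => PRIVATE_V4.some((re) => re.test(ip));

// Pick the proxy for this scheme from the supplied environment, or null.
function envProxyFor(target, env) {
  const proxy = target.protocol === "https:" ? env.HTTPS_PROXY : env.HTTP_PROXY;
  return proxy || null;
}

async function planGuardedFetch({ url, useEnvProxy = false, lookupFn, env }) {
  const target = new URL(url);
  // The env proxy check runs before any DNS lookup, but only if the caller opted in.
  const proxy = useEnvProxy ? envProxyFor(target, env) : null;
  if (proxy) {
    return { mode: "TRUSTED_ENV_PROXY", proxy, pinnedAddress: null };
  }
  // Strict path: resolve once, reject private ranges, pin the resolved address.
  const address = await lookupFn(target.hostname);
  if (isPrivateIPv4(address)) {
    throw new Error(`SSRF guard blocked ${target.hostname} -> ${address}`);
  }
  return { mode: "PINNED_DNS", proxy: null, pinnedAddress: address };
}

// Constructed sandbox: proxy configured, no resolver, so every lookup fails
// the same way as the error in the report.
const sandboxEnv = { HTTPS_PROXY: "http://proxy.internal.example:3128" };
async function sandboxLookup(hostname) {
  const err = new Error(`getaddrinfo EAI_AGAIN ${hostname}`);
  err.code = "EAI_AGAIN";
  throw err;
}

// Same request twice: without the flag (web_fetch today) and with it (web_search).
async function demo() {
  const base = { url: "https://example.com/", lookupFn: sandboxLookup, env: sandboxEnv };
  const withoutFlag = await planGuardedFetch(base).catch((e) => e.code);
  const withFlag = await planGuardedFetch({ ...base, useEnvProxy: true });
  return { withoutFlag, withFlag: withFlag.mode };
}
```

In this model the proxy branch pins no address, so destination filtering there depends on the proxy's egress policy.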