ClawHub

ScrapeBadger

v1.0.0

Web scraping platform — Twitter/X data, Vinted marketplace, and general web scraping API

0· 63·0 current·0 all-time
by@0xghostcasper
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the declared capability (web scraping for Twitter/X, Vinted, and general sites). The only required secret is SCRAPEBADGER_API_KEY, which is appropriate for a third‑party web API client. The package.json repository URL and the SKILL.md base URL point to a single provider, so what the skill claims is consistent with what it requests.
Instruction Scope
SKILL.md is instruction-only and tells the agent to use the web_fetch tool to call documented endpoints and include X-API-Key: $SCRAPEBADGER_API_KEY. It does not instruct the agent to read other files, system credentials, or unrelated environment variables, nor to exfiltrate data to unexpected endpoints. (It does list some provider URLs like docs.scrapebadger.com and mcp.scrapebadger.com for reference; those are informational only.)
Install Mechanism
No install spec is present and there are no code files beyond package.json and SKILL.md, so nothing will be downloaded or written to disk by an installer. This is the lowest-risk pattern for an OpenClaw skill.
Credentials
Only one environment variable is required (SCRAPEBADGER_API_KEY), which is proportionate to a service integration. Minor registry metadata inconsistency: 'primary credential' is listed as none in the registry though an API key is required—this is an administrative metadata omission, not a functional mismatch.
Persistence & Privilege
The skill does not request permanent presence (always:false) and does not ask to modify other skills or system configuration. Autonomous invocation (disable-model-invocation:false) is the default and not a red flag by itself.
Assessment
This skill appears coherent and only needs an API key for the documented scraping endpoints. Before installing: verify the provider (scrapebadger.com) and that the docs/dashboard URLs are legitimate; prefer issuing a limited/revocable API key (not a long-lived all-access secret); review billing/credit usage and rate limits; confirm scraping these targets complies with Twitter/X, Vinted, and site Terms of Service and privacy rules for your use case; and if you do not want the agent to call the service autonomously, restrict or monitor agent invocation. Also note a minor metadata omission in the registry (primary credential unset) — you may want to confirm the skill author and repository if you need a higher assurance level.

Like a lobster shell, security has layers — review code before you run it.

apivk9774fb5swqy4cq2cvq3w1dmmh84ax3elatestvk9774fb5swqy4cq2cvq3w1dmmh84ax3escrapingvk9774fb5swqy4cq2cvq3w1dmmh84ax3etwittervk9774fb5swqy4cq2cvq3w1dmmh84ax3evintedvk9774fb5swqy4cq2cvq3w1dmmh84ax3eweb-scrapingvk9774fb5swqy4cq2cvq3w1dmmh84ax3e

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvSCRAPEBADGER_API_KEY

Comments