Skrape
PassAudited by ClawScan on May 1, 2026.
Overview
Skrape is a coherent instruction-only web scraping guidance skill with responsible-use safeguards, though users should not treat its sample robots.txt logic as a complete compliance guarantee.
This skill appears safe to install as instruction-only scraping guidance. Before using it, choose targets carefully, verify robots.txt and site terms yourself, prefer official APIs, avoid authenticated or personal data unless clearly permitted, and redact or limit scrape logs.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, the agent could request pages that a site owner does not want scraped or collect data beyond the user’s intended scope.
The sample provides generic HTTP/HTTPS retrieval logic for arbitrary URLs. This is central to a scraping skill and is paired with throttling guidance, but users should ensure every target is authorized and scoped.
get(url) { ... const req = protocol.get(url, { headers: { 'User-Agent': this.userAgent, ... }Use only user-directed targets, check robots.txt and terms of service, prefer official APIs, and keep throttling/backoff enabled.
A user might assume the sample always proves scraping is allowed, when network errors or incomplete robots parsing could still lead to non-compliant scraping.
The skill advertises robots.txt adherence, but the sample verifier allows scraping when robots.txt is missing or cannot be fetched. This is visible in the artifact and not hidden, but it means the compliance claim should be treated as guidance rather than a complete guarantee.
resolve(true); // Missing robots.txt = permitted ... .on('error', () => resolve(true));For sensitive or commercial scraping, fail closed when robots.txt cannot be checked, use a mature robots.txt parser, and manually review site terms.
Scraping logs could preserve sensitive URLs or source details longer than intended.
The skill recommends logging extraction activity. This is a reasonable audit practice for scraping, but logs of sources or URLs may retain sensitive query strings or personal-data context if the user scrapes such material.
Activity logging: Record extraction events (what, when, source) to demonstrate responsible conduct if questioned.
Avoid logging secrets or personal data in URLs, redact query strings where possible, and set retention limits for scrape logs.