Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
skroller v0.0.1
Automate scraping and filtering of public social media posts with keyword search, engagement filters, deduplication, and export to JSON, CSV, or notes apps.
by X@10oss
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description match the code and docs: Playwright-based browser automation across many social platforms, filtering/deduplication, digest generation, and export to note apps. The declared dependencies (playwright in package.json) and included scripts align with the stated purpose.
Instruction Scope
SKILL.md and the scripts instruct the agent to perform broad browser automation, login when needed, persist cookies, write a seen-posts file, and call external services (Notion API, grizzly CLI). The docs also include explicit anti-bot/evading techniques (user-agent rotation, proxy rotation, human mouse simulation, residential proxy vendors) that go beyond benign automation recommendations and may facilitate bypassing platform protections. The skill reads/writes local files (.skroller-seen.json, cookies.json, and note vaults) and sends data to external endpoints (Notion API) — these are within scope for export but should have been declared.
Install Mechanism
The registry entry provides no install spec, but package.json lists Playwright (a large dependency), so users will need to run npm install to use it. There are no suspicious external download URLs; all code is included. The absence of explicit install or install-time instructions in the registry is notable (users will need to install Node >=18 and run npm install), but not inherently malicious.
Credentials
The skill's metadata declares no required environment variables, yet the SKILL.md and scripts reference/expect secrets and external credentials (e.g., NOTION_API_KEY / NOTION_TOKEN, MS_TOKEN, and possibly others for note APIs). Exports use process.env.NOTION_API_KEY and command examples show $MS_TOKEN. Those credentials are reasonable for the export features, but they should have been declared in requires.env/primaryEnv. The exporter also runs shell commands (execSync) which increases the impact of any supplied tokens or untrusted content. Overall, requested/used environment access is underdeclared and therefore disproportionate to the registry metadata.
Persistence & Privilege
The skill does not request always: true and does not modify other skills. It writes local files (seen posts file, cookies.json, creates notes in user-specified vaults and paths) and may create notes via external services (Notion). Writing to the user's filesystem and storing cookies/seen-posts is expected for a scraper but is persistent behavior the user should be aware of.
What to consider before installing
What to consider before installing/using this skill:
- Missing declared secrets: The registry lists no required env vars, but the code expects values such as NOTION_API_KEY / NOTION_TOKEN and MS_TOKEN for exports; confirm which credentials you'll need and avoid supplying high-privilege tokens. Prefer creating a dedicated, limited-scope API key for Notion/OneDrive if you use those features.
- Filesystem writes: The tool writes files (e.g., .skroller-seen.json, cookies.json) and creates notes in your specified vault/folders. Run in an isolated directory or VM to avoid accidental contamination of your primary workspace.
- Anti-bot / evasion guidance: The docs explicitly recommend proxy rotation, residential proxy services, user-agent rotation, and mouse simulation. Those are techniques that can be used to evade platform detection and may violate target platforms' Terms of Service — do not use them to bypass access controls or for abusive purposes.
- Shell execution: export-to-notes uses child_process.execSync (invoking 'grizzly' CLI and constructing shell commands). If you pass untrusted input into filenames, note titles, or tags, it could result in command injection. Audit how filenames/titles are constructed before running with untrusted data.
- Legal/ToS risk: The author repeatedly notes ToS and privacy obligations, but that is not a guarantee. Scraping certain platforms (LinkedIn, Twitter/X, Instagram) may violate their Terms; consult legal counsel if this is for commercial use or large-scale collection.
- Recommended actions before running:
  - Inspect the scripts (you already have them) and search for any references to environment variables or remote endpoints you do not expect.
  - Run npm install and test in a sandboxed environment (container/VM) first.
  - Use low-volume, conservative settings, and prefer official APIs where available.
  - If exporting to third-party services, create limited-scope API tokens and avoid using personal or organization-wide tokens.
  - Consider removing or hardening anti-evasion/proxy code if you intend to remain strictly within platform policies.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
- scripts/export-to-notes.js:160: Shell command execution detected (child_process).
- scripts/skroller.js:28: Dynamic code execution detected.
- scripts/export-to-notes.js:232: Environment variable access combined with network send.
- scripts/export-to-notes.js:50: File read combined with network send (possible exfiltration).
