ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Web Scraping & Data Extraction Engine

v1.0.0

Complete web scraping methodology — legal compliance, architecture design, anti-detection, data pipelines, and production operations. Use when building scrap...

0· 1.2k·5 current·5 all-time
by@1kalin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description align with the SKILL.md content: comprehensive guidance for building scrapers, architecture choices, data pipelines, and anti-detection strategies. No declared credentials or installs are required, which is consistent with an instruction-only methodology skill.
!
Instruction Scope
The instructions go beyond benign best-practices and include explicit anti-detection tactics (proxy rotation, fingerprint diversity, stealth configs, Cloudflare bypass references and managed 'anti-bot bypass' providers). That content can facilitate evading site protections and accessing data behind defenses; this raises legal and ethical risk even if the skill frames compliance checks first.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk or downloaded by the skill itself, which lowers technical supply-chain risk.
Credentials
The skill declares no required environment variables or credentials (proportionate for a methodology document). However, it repeatedly recommends third-party proxy and scraping services (Bright Data, Oxylabs, ScrapingBee, etc.) that in practice require credentials and billing; those are not declared in the skill metadata, so users must be mindful to supply and protect such secrets outside the skill.
Persistence & Privilege
always:false and no special privileges requested. Autonomous invocation is allowed (platform default) — combined with the anti-detection guidance this increases potential misuse, but the skill itself does not request persistent or cross-skill configuration changes.
What to consider before installing
This skill is a comprehensive how-to for building scrapers and includes detailed techniques for evading anti-bot measures. That makes it helpful for legitimate engineering but also increases legal and ethical risk. Before installing: (1) Confirm you have a lawful use case and get legal review for target jurisdictions; (2) prefer using official APIs where available and follow robots.txt/ToS; (3) do not rely on this to bypass authentication or protections—doing so may violate laws (CFAA, GDPR, etc.); (4) do not provide the agent with credentials or broad network access unless you trust the agent and audit its actions; (5) if you proceed, restrict the agent’s permissions, enable logging/alerts, and avoid giving it the ability to autonomously execute network operations or provision third-party services without human-in-the-loop approval. If you need only compliance/architecture guidance, consider extracting those sections and avoiding the anti-detection recommendations.

Like a lobster shell, security has layers — review code before you run it.

automationvk976jbk9qkcasthv5gss59jd5981nh94crawlingvk976jbk9qkcasthv5gss59jd5981nh94datavk976jbk9qkcasthv5gss59jd5981nh94extractionvk976jbk9qkcasthv5gss59jd5981nh94latestvk976jbk9qkcasthv5gss59jd5981nh94pipelinevk976jbk9qkcasthv5gss59jd5981nh94proxyvk976jbk9qkcasthv5gss59jd5981nh94scrapingvk976jbk9qkcasthv5gss59jd5981nh94webvk976jbk9qkcasthv5gss59jd5981nh94

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments