Decodo Scraper
v1.1.0
Search Google, scrape web pages, Amazon product pages, YouTube subtitles, or Reddit (post/subreddit) using the Decodo Scraper OpenClaw Skill.
⭐ 9 · 1.3k · 8 current · 8 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description, README, SKILL.md, and the included Python tool all consistently implement a Decodo-backed web scraper (Google, Amazon, YouTube subtitles, Reddit, universal pages). The declared runtime requirement (DECODO_AUTH_TOKEN) is appropriate. Small inconsistency: the registry metadata at the top of the report lists no required env vars/primary credential, but SKILL.md and the script both require DECODO_AUTH_TOKEN.
Instruction Scope
SKILL.md and tools/scrape.py only instruct the agent to read a single DECODO_AUTH_TOKEN (or a .env file in the repo root), construct JSON payloads, and POST to scraper-api.decodo.com. The script does not read unrelated system files, other environment variables, or modify other skills or system settings.
Install Mechanism
There is no install spec (instruction-only), and included requirements.txt lists only requests and python-dotenv. No external arbitrary downloads, obscure URLs, or archive extraction are present. The user must install Python deps themselves (pip install -r requirements.txt).
Credentials
The only secret required is DECODO_AUTH_TOKEN (Basic token used in Authorization header) which is proportional to the task. Note the registry metadata did not list this required env var while SKILL.md and the code do — this mismatch should be reconciled before trusting the registry entry.
Persistence & Privilege
Skill is not always-enabled and is user-invocable. It does not request persistent elevated privileges, does not modify other skills or global agent configs, and does not request unrelated credentials.
Assessment
This skill implements a Decodo-hosted web-scraping client and requires a Decodo auth token (DECODO_AUTH_TOKEN). Before installing:
1) Verify you trust Decodo (https://decodo.com) because requests and scraped content are sent to scraper-api.decodo.com using your token.
2) Do not store the token in a committed .env file in a public repo — keep it in your environment or a secure secret store.
3) Reconcile the registry metadata mismatch (the registry claims no env vars while SKILL.md and the script require DECODO_AUTH_TOKEN).
4) Install dependencies locally (pip install -r requirements.txt) and inspect the code if you plan to run it in an environment with sensitive data.
5) If you need to prevent autonomous network calls, consider disabling model invocation or only invoking the skill manually.
Overall the skill appears coherent for its described purpose, but only proceed if you trust the external Decodo service and follow best practices for handling the token.
Like a lobster shell, security has layers — review code before you run it.
