ScrapeSense.com Developer
v1.0.1Comprehensive ScrapeSense public API developer skill for scan orchestration, places extraction, campaign lifecycle, email cleaning, billing endpoints, and AP...
⭐ 0· 521·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description and the endpoint/capability references align with a ScrapeSense developer integration (scans, places, campaigns, billing, keys, webhooks). However, the skill advertises API key lifecycle and webhook management yet declares no required credentials or primaryEnv; that omission is inconsistent with the stated purpose and could cause confusion about how credentials are supplied at runtime.
Instruction Scope
SKILL.md and the two reference files are instruction-only and instruct use of documented public API routes. There are no instructions to read arbitrary local files, access unrelated system state, or transmit data to unexpected endpoints. Guardrails explicitly require using only documented public API routes and avoiding internal commands.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk or downloaded during install — the lowest-risk install model.
Credentials
The skill heavily implies needing a ScrapeSense API key (and manages developer keys/webhooks), but requires.env and primary credential are empty. That mismatch is a proportionality concern: a developer integration normally declares where the API key/token should be provided. The SKILL.md also references local packaging/validation scripts under /usr/lib/node_modules which are benign as documentation but could be confusing to non-technical users about what is required at runtime.
Persistence & Privilege
always:false and the skill is user-invocable. It does not request permanent presence or elevated platform privileges, nor does it instruct modifying other skills or global agent settings.
What to consider before installing
This skill appears to be an instruction-only wrapper around the ScrapeSense public API and does not contain code that will run on your machine — that reduces some risk. However, it mentions API keys and webhook management but does not declare how credentials are to be provided. Before installing or using it: (1) Confirm how the agent/platform will supply your ScrapeSense API key (ask the skill author or seller to declare required env vars or credential inputs). (2) Use a low-privilege or test API key with limited scope/credits while evaluating. (3) Be cautious about any flows that trigger bulk email sends or webhook configurations — follow the skill's own advice to require human approval before bulk sends. (4) If you need assurance, request the author to explicitly list required environment variables or a sample invocation showing how credentials are provided; that will remove the main inconsistency flagged here.Like a lobster shell, security has layers — review code before you run it.
apivk97a0jth9xrpfgnp008kx6paen81gmxqautomationvk97a0jth9xrpfgnp008kx6paen81gmxqcampaignsvk97a0jth9xrpfgnp008kx6paen81gmxqdevopsvk97a0jth9xrpfgnp008kx6paen81gmxqlatestvk978zrcmqeca1a5dbyh3cxbkvd81h5k5lead-generationvk97a0jth9xrpfgnp008kx6paen81gmxqscrapesensevk97a0jth9xrpfgnp008kx6paen81gmxqwebhooksvk97a0jth9xrpfgnp008kx6paen81gmxq
License
MIT-0
Free to use, modify, and redistribute. No attribution required.