Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Web Watcher Pro

v1.0.1

Web Change Monitor — Generic webpage monitoring tool. Configure URL list → Skill checks for changes at set frequency → Feishu push notifications. Not tied to...

by YK-Global @billjamno58

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for billjamno58/web-watcher-pro.

Prompt preview (Install & Setup):
Install the skill "Web Watcher Pro" (billjamno58/web-watcher-pro) from ClawHub.
Skill page: https://clawhub.ai/billjamno58/web-watcher-pro
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install billjamno58/web-watcher-pro

ClawHub CLI


npx clawhub@latest install web-watcher-pro

Security Scan

Capability signals

Crypto, Can make purchases, Requires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Benign

OpenClaw: Suspicious (high confidence)

! Purpose & Capability
The SKILL.md and included code implement a web change monitor and billing flow, which is coherent with the advertised purpose — but the registry metadata claims no required env vars or binaries while the SKILL.md and code clearly require Node.js, Playwright (Node), Python packages (requests, bs4), and billing environment variables. This mismatch between what the skill claims and what it actually needs is unexpected and unexplained.

! Instruction Scope
Runtime instructions and code indicate the skill will fetch arbitrary HTTP(S) URLs (via a Node subprocess running Playwright), store history in /tmp/web-watcher-pro/history.db, and contact an external billing endpoint (skillpay.me). The SKILL.md lists SSRF protections, but the skill will still perform network fetches and send billing/user identifiers externally. The instructions do not include installation or dependency steps (Node/Playwright, Python deps), giving the agent broad runtime assumptions.

! Install Mechanism
There is no install spec but the code depends on external runtime components: Node.js + Playwright invoked via node -e, Python packages (requests, bs4). Playwright installs can be heavy and typically require npm install; that is not declared. An instruction-only install combined with embedded Node scripts is disproportionate and increases operational risk if the runtime environment lacks those components.

! Credentials
SKILL.md / code require these environment variables: FEISHU_USER_ID, SKILL_BILLING_API_KEY, SKILL_BILLING_SKILL_ID (for billing and possibly notifications). Registry metadata claims no required env vars — a direct inconsistency. Requesting an API key (SKILL_BILLING_API_KEY) is plausible for billing but demands secret management; FEISHU_USER_ID is user-identifying. The skill transmits FEISHU_USER_ID and billing info to an external domain (skillpay.me), which is appropriate for billing but should be explicitly declared in registry metadata and audited before use.

Persistence & Privilege
The skill is not always-enabled and does not request platform-level persistence. It stores data under /tmp/web-watcher-pro (ephemeral), creates its own SQLite DB there, and does not appear to modify other skills or global agent settings. That scope is limited and expected for a monitoring tool.

What to consider before installing

Before installing or enabling this skill:

  1. Require the publisher/source and a homepage or repository so you can review full source (monitor.py appears truncated in the package).
  2. Verify runtime prerequisites are acceptable: Node.js and Playwright (Node) are required but not declared; ensure you want those dependencies and know how they will be installed and updated.
  3. Treat SKILL_BILLING_API_KEY and FEISHU_USER_ID as secrets — confirm the billing provider (skillpay.me) is trustworthy and that you are comfortable this skill will transmit identifiers to that domain.
  4. Ask the author to reconcile registry metadata with SKILL.md (declare required env vars and binaries) and to provide an install spec or containerized distribution to avoid ad-hoc installs.
  5. If you decide to test, run the skill in an isolated sandbox, monitor network traffic (to confirm endpoints and payloads), and revoke the API key if anything looks suspicious.
  6. If you cannot validate the billing endpoint or the missing install details, do not install or provide secrets.

Like a lobster shell, security has layers — review code before you run it.

latest vk97cmc71y2y1qzpf457jdhbkds85gerr
22 downloads
0 stars
2 versions
Updated 3h ago
v1.0.1
MIT-0

Web Watcher Pro

Configure any URL → Skill checks for changes at set frequency → Feishu notification.

Fully generic tool, not tied to any platform. Use cases: competitor new product alerts, price monitoring, inventory tracking, content change detection, forum thread monitoring.

Quick Start

Add a Monitored URL

User: Monitor this page: https://example.com/product/12345

Skill:

  1. Fetches page, computes content hash
  2. Asks for detection mode and frequency (or uses defaults)
  3. Saves monitoring task, begins checking

Check Status

User: Show my monitored URLs
User: Which URLs have changed?

Remove Monitor

User: Remove monitoring for https://example.com/product/12345

Detection Modes

Mode | Description | Use Case
hash | MD5 hash of full HTML, triggers on any change | General, any page
keyword | Triggers when keyword appears/disappears | Inventory, price, specific content
selector | CSS selector extracts specific DOM elements for comparison | List pages (product listings, search results)
regex | Regex-defined trigger condition | Complex pattern matching

Examples

User: Monitor this page, alert me when price drops below 99
[URL]

User: Use keyword mode, alert when product name contains "New Arrival"
[URL]

Tiered Features

Feature | FREE | PRO
Monitored URLs | 3 | Unlimited
Check frequency | Every 24h | Every 1h
Detection mode | Hash only | Hash + Keyword + Selector + Regex
Change history | 30 days
Feishu push | Yes
Price | Free | $0.01/call

Detection Modes Detail

Hash Mode

MD5 hash of full page HTML. Triggers on any content change.

Keyword Mode

Monitors for keyword appearance/disappearance. Case-insensitive.

Selector Mode

CSS selector extracts specific DOM elements. Compares extracted text between checks.

Regex Mode

Regex pattern matched against HTML. Triggers on pattern match change.


Change History

User: What pages have changed recently?
User: Show change history for https://xxx.com

Returns: change timestamp, change summary, time since last change.


Core Script

See scripts/monitor.py for full implementation:

from scripts.monitor import WebMonitor

monitor = WebMonitor(tier="pro")

monitor.add_task(
    url="https://example.com/product/123",
    name="Product A Monitor",
    mode="hash",
    frequency="6h",
)

monitor.check_all()  # Triggers Feishu push on changes
monitor.list_tasks()
monitor.remove_task(url="https://example.com/product/123")

Technical Implementation

  • Fetching: Playwright (headless) with random UA and anti-detection delays
  • Detection: MD5 hash / keyword match / CSS selector / regex
  • Storage: SQLite at /tmp/web-watcher-pro/history.db
  • Push: Feishu IM notifications with customizable templates
  • Anti-ban: Request intervals + random delays + 3x auto-retry

Security Notes

  • SSRF Protection: fetch_page() validates all URLs before sending to Playwright. Blocks: non-HTTP(S) schemes (file://, ftp://, data:, javascript:, etc.), localhost, 127.0.0.1, private IP ranges (10.x.x.x, 172.16-31.x.x, 192.168.x.x), link-local (169.254.x.x including AWS metadata 169.254.169.254), and IPv6 localhost. Unsafe URLs return None instead of triggering a network request.
  • Subprocess execution: Uses node -e subprocess for Playwright browser automation (anti-detection scraping). Node.js required. Timeout: 30s. Subprocess uses list form (not shell=True), eliminating command injection risk.
  • Data storage: Uses /tmp/web-watcher-pro/ for SQLite DB and config (no home directory write).
  • Billing data: FEISHU_USER_ID transmitted to skillpay.me/api/v1/billing for per-call charging.
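
The URL check described under SSRF Protection, written out as an added example (it is not the skill's fetch_page() code, which this page does not show): it tests every address a hostname resolves to, not just the hostname string, and is slightly stricter than the listed ranges because it accepts only globally routable addresses. The names url_block_reason, address_is_public, sample_resolver and the SAMPLE_DNS table are hypothetical, and the table is constructed sample data so the block runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Constructed name-to-address table standing in for DNS (sample data only).
SAMPLE_DNS = {
    "shop.example": ["93.184.216.34"],
    "intranet.example": ["10.20.30.40"],
    "mixed.example": ["93.184.216.34", "169.254.169.254"],
}

def sample_resolver(host):
    if host not in SAMPLE_DNS:
        raise OSError("no such host")
    return SAMPLE_DNS[host]

def system_resolver(host):
    """Every address the OS resolver returns for host."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]

def address_is_public(addr):
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:a.b.c.d gets the IPv4 rules
    return ip.is_global and not ip.is_multicast

def url_block_reason(url, resolver=system_resolver):
    """Return None if url may be fetched, otherwise why it is refused."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return "unparseable URL"
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not host:
        return "scheme not allowed or host missing"
    try:
        ipaddress.ip_address(host)
        addrs = [host]  # literal IP, no lookup needed
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError:
            addrs = []
    if not addrs:
        return "resolution failed"
    blocked = [a for a in addrs if not address_is_public(a)]
    return f"non-public address {blocked[0]}" if blocked else None
```

A check made before the URL is handed to a browser covers only the first request; redirects and later lookups made by the browser need the same check applied at request time.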

Billing

  • Billing via skillpay.me/api/v1/billing/charge
  • User data transmitted to SkillPay for billing identification
  • $0.01 USD per check call (PRO tier)

Required Environment Variables

Variable | Description
FEISHU_USER_ID | User open_id for billing
SKILL_BILLING_API_KEY | SkillPay Builder API Key
SKILL_BILLING_SKILL_ID | SkillPay Skill ID (default: web-watcher-pro)

Common Errors

Error | Cause | Solution
Failed to fetch page | Page blocked or unavailable | Check URL accessibility
Invalid mode | Unsupported detection mode | Use: hash, keyword, selector, regex
TASK_LIMIT_EXCEEDED | URL count exceeds tier limit | Upgrade or remove existing URLs
