Ecommerce Scraper

Security checks across malware telemetry and agentic risk

Overview

This scraper is designed to hide automation from anti-bot protections and reuse shopping-site login cookies, creating serious account and policy risk.

Do not install or use this skill against sites you do not own or have explicit permission to scrape. Avoid logging in with personal accounts; if you test it, use an isolated environment and throwaway account, remove the Cloudflare/stealth bypass behavior, pin Playwright dependencies, rate-limit requests, and delete data/cookies.json afterward.

VirusTotal

66/66 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
High
What this means

Using this skill could violate site rules, trigger account bans or legal complaints, and direct the agent to bypass protections rather than stay within authorized scraping boundaries.

Why it was flagged

The skill openly instructs automation to bypass Cloudflare and hide Playwright/webdriver signals, which is deliberate evasion of third-party bot protections.

Skill content

Supports Cloudflare anti-scraping... ### 2. Bypass Cloudflare ... Object.defineProperty(navigator, 'webdriver', {get: () => undefined});

Recommendation

Only use scraping automation on sites where you have explicit permission; remove stealth/bypass behavior, respect robots.txt and rate limits, and avoid Cloudflare/bot-protection evasion.

ASI03: Identity and Privilege Abuse
High
What this means

Saved cookies may grant access to your ecommerce accounts on later runs and could expose those sessions if the local file is read or copied.

Why it was flagged

After JD/Taobao login, the script captures browser session cookies and writes them to a local JSON file, while the registry declares no primary credential or config path.

Skill content

self.cookies_file = 'data/cookies.json' ... cookies = self.context.cookies() ... self._save_cookies(cookies)

Recommendation

Do not use personal accounts; require explicit opt-in before saving cookies, store them securely, document the credential scope, and provide a clear cleanup path.

ASI10: Rogue Agents
Medium
What this means

Future scraping runs can continue under a logged-in account without a fresh login prompt, which makes accidental or unauthorized account-backed scraping more likely.

Why it was flagged

The script automatically reloads previously saved cookies into new browser contexts, preserving logged-in authority beyond the original login task.

Skill content

if os.path.exists(self.cookies_file): ... self.context.add_cookies(cookies) ... print("✅ Cookie已加载")

Recommendation

Make session reuse explicitly user-approved for each run, isolate browser profiles, and delete data/cookies.json after testing.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Manual installation from unpinned sources can make reproducibility and dependency trust harder to verify.

Why it was flagged

The included scripts depend on Playwright and a Chromium browser install, but the skill provides no install specification, so dependency versions and provenance are not pinned.

Skill content

print("❌ 需要安装Playwright: pip install playwright && playwright install chromium")

Recommendation

Add a reviewed install spec with pinned Playwright/browser versions, or install dependencies manually from trusted sources in an isolated environment.