Scrapling MCP

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent web-scraping guidance skill, but it includes powerful anti-bot, crawling, and local persistence features that should be used only on authorized targets.

This skill appears aligned with its web-scraping purpose and does not show hidden exfiltration or destructive behavior. Before installing, be comfortable with installing Scrapling and Playwright, and use the anti-bot, proxy, and spider features only for authorized scraping with clear limits on target sites, concurrency, and retained crawl data.

Static analysis

Static analysis findings are pending for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used carelessly, the agent could scrape protected or rate-limited websites in ways that violate site rules or create operational risk.

Why it was flagged

The skill exposes anti-bot scraping functionality through MCP. This is clearly related to the stated scraping purpose, but it is a capability users should restrict to authorized targets.

Skill content

### fetch_stealthy
Anti-bot fetch with Cloudflare bypass.

Recommendation

Use these tools only for sites you own, have permission to test, or are allowed to scrape; add human review for stealth, proxy, and large-crawl actions.

What this means

Installing external packages may introduce dependency or version risk if done in a sensitive environment.

Why it was flagged

The setup uses external package and browser installs. These are expected for Scrapling and Playwright, but the artifacts do not pin versions or provide a registry install spec.

Skill content

pip install scrapling[mcp,playwright]
python -m playwright install chromium

Recommendation

Install in a virtual environment, verify the package source, and pin versions if you need reproducible or production-safe use.

What this means

Local crawl data, checkpoints, or adaptive selector state could retain information longer than expected.

Why it was flagged

The skill documents persistent crawl state. This is useful and purpose-aligned, but stored crawl output or checkpoints may contain scraped content or state reused across runs.

Skill content

Pause/Resume: `crawldir` parameter saves checkpoints

Recommendation

Store crawl data in a known project directory, avoid scraping sensitive personal or private data, and delete checkpoints when they are no longer needed.