ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agentql

v1.0.0

Web scraping and browser automation using AgentQL — query any webpage with natural language to extract structured data, interact with elements, and automate...

0· 46·1 current·1 all-time
by@dhua2020
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md content matches the declared purpose (web scraping/browser automation via AgentQL and Playwright). However the registry metadata lists no dependencies or env vars while the instructions clearly require a Python package and Playwright, so the declared requirements are incomplete.
!
Instruction Scope
Runtime instructions instruct the agent to use an AGENTQL_API_KEY and to call out to https://dev.agentql.com, use the 'agentql' Python package and Playwright, and optionally connect to a local browser over CDP (127.0.0.1:9222). The skill doc therefore requires network communication (sending page context to an external API) and potential control over a local browser session; the registry did not declare these data flows or permissions.
Install Mechanism
There is no install spec (instruction-only), which reduces disk-write risk. But the SKILL.md implies installing Python packages (agentql, playwright) which are not declared in metadata; missing dependency/install information is an integrity/usability gap.
!
Credentials
The SKILL.md requires AGENTQL_API_KEY and an external service (dev.agentql.com) but the skill metadata lists no required environment variables or primary credential. That omission hides that a third-party API key is needed and that page contents will be sent to an external endpoint.
Persistence & Privilege
The skill is not always-enabled and does not request elevated/persistent agent privileges. It is user-invocable and allows autonomous invocation (default), which is normal but increases blast radius if combined with other risks.
What to consider before installing
This skill's instructions require an AGENTQL_API_KEY, the 'agentql' Python package, and Playwright, but the registry metadata doesn't declare those or provide a source/homepage. Before installing or using it: 1) Ask the publisher for the source code or a trustworthy homepage (GitHub/PyPI) so you can inspect the agentql package and confirm what data is sent to the API. 2) Confirm exactly what the API receives (full page HTML, screenshots, or extracted fields) and the privacy/retention policy at dev.agentql.com. 3) Avoid connecting the skill to your regular, logged-in browser via CDP unless you understand the risks (it can access open sessions and sensitive data). 4) If you must try it, run it in an isolated environment (throwaway VM/container, throwaway browser profile) and use a limited, revocable API key. 5) If the author cannot provide provenance or code, treat the skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bwc4tjwcx02w4xk7rb3rjts83ng4d

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments