web-fetch

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly does what it says, but it explicitly uses stealth browser automation to bypass anti-crawler detection and disables Chromium sandboxing while loading arbitrary URLs.

Install only if you are comfortable running stealth browser automation. Use it only for websites where automated fetching is permitted, and preferably run it in an isolated environment because the script disables Chromium sandboxing while visiting arbitrary URLs.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using this skill may make the agent access websites in ways the sites attempt to block, creating legal, policy, or account-risk issues for the user.

Why it was flagged

The skill explicitly advertises anti-crawler detection bypass using stealth automation, which can cause an agent to evade website bot protections rather than simply fetch public content normally.

Skill content

Supports bypassing most basic anti-crawler detection ... integrates `playwright-extra` and `puppeteer-extra-plugin-stealth`

Recommendation

Use only on sites where automated access is allowed or authorized, and add clear guardrails requiring user approval before stealth fetching.

What this means

A malicious webpage could have a higher chance of affecting the local environment because normal browser sandboxing is disabled.

Why it was flagged

The script disables Chromium sandbox protections while loading arbitrary target URLs, increasing local risk if a malicious page or browser exploit is encountered.

Skill content

browser = await chromium.launch({ headless: true, args: ['--no-sandbox', '--disable-setuid-sandbox'] }); ... await page.goto(url

Recommendation

Avoid disabling the browser sandbox unless strictly required; run the tool in an isolated container or VM if sandbox disabling is necessary.

What this means

Installing dependencies may pull changed third-party code from npm, which can affect reliability and supply-chain exposure.

Why it was flagged

The skill relies on third-party npm packages with version ranges rather than fully pinned versions or a provided lockfile, so future installs may resolve to different package versions.

Skill content

"dependencies": { "playwright": "^1.58.2", "playwright-extra": "^3.1.2", "puppeteer-extra-plugin-stealth": "^2.11.2", "turndown": "^7.1.2" }

Recommendation

Pin exact dependency versions, include a lockfile, and install in an isolated environment.