Traktor Web Scraper

This skill appears to be a high-coverage web scraper and is coherent with that purpose, but it has operational risks you should consider before installing: - Sanitize input: The SKILL.md substitutes a derived {site-name} directly into mkdir bash commands. A specially crafted URL could lead to unsafe directory names or path/command injection. Only run this against sanitized or trusted inputs, or ensure the implementation safely escapes filenames. - Resource and scope control: The skill spawns background Task subagents and promises 'paranoid' thoroughness. That can create many concurrent crawlers, consume large bandwidth/storage, and potentially overload systems or your agent environment. Limit the number of parallel jobs and set clear depth/size limits before running. - Data sensitivity: The scraper runs JavaScript in page context and will download whatever assets it finds. Do not run it against authenticated/private dashboards or sites with sensitive data you do not own — it can capture private content and credentials present in pages. - Browser-extension dependency: It requires the claude-in-chrome MCP server (a browser extension) to function. Installing or enabling that extension is a separate trust decision because it gives the extension access to pages visited during scraping. - Test in a sandbox: Before using on real targets, run the skill in a controlled environment with harmless test sites to confirm behavior (what it downloads, how it names files, and how many background agents it spawns). If you want to proceed, ask the skill author (or the platform integrator) to: (1) explicitly document and enforce filename/path sanitization, (2) provide configurable limits for concurrency and crawl depth, and (3) state whether the Task tool yields any external network uploads or telemetry beyond saving to PROJECT_DIR.