Media Crawler
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s crawler purpose is clear, but it installs and runs changing third-party code and caches login sessions without clearly documenting credential scope or cleanup.
Review the upstream MediaCrawler project before installing, preferably run it in an isolated environment, and use a dedicated account for QR login. Make sure you understand where login sessions and scraped results are stored and how to delete them, and only crawl data where you have permission and a lawful basis.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your social-platform session may be stored locally and reused by the crawler, which could expose or misuse account access if the cloned project or local machine is compromised.
The skill says it caches login state, and the usage examples use QR-code login, but the registry metadata declares no credential requirement and the artifacts do not explain where sessions are stored, how long they persist, or how to remove them.
- 登录态缓存
Use a dedicated low-privilege account, review the upstream MediaCrawler session-storage behavior, run in an isolated environment, and provide clear cleanup instructions before relying on cached login state.
Installation depends on external code and dependencies that can change after this skill version was published.
The setup script openly downloads an installer, clones the MediaCrawler repository from GitHub, and installs dependencies without pinning a commit or lockfile in the reviewed artifacts.
curl -LsSf https://astral.sh/uv/install.sh | sh ... git clone "$REPO_URL" "$PROJECT_DIR" ... uv sync
Review the upstream repository before installing, consider pinning a known commit, and run setup in a virtual machine or other isolated environment if possible.
The crawler may collect large amounts of platform data and could violate site rules, privacy expectations, or laws if used carelessly.
The skill provides broad crawling workflows across multiple social platforms, including comments and creator pages; this is aligned with the stated purpose but can be misused if run outside authorized or compliant contexts.
- 关键词搜索采集 - 指定帖子/内容 ID 采集 - 创作者主页采集 - 评论/二级评论抓取
Only collect data you are authorized to access, follow platform terms and local law, avoid sensitive personal data, and use conservative rate limits.