Web Scraper Jina
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only scraper openly promotes bypassing Cloudflare/Turnstile protections and scraping any site through a third-party service, which needs careful review before use.
Review carefully before installing. This skill has no code or install-time behavior, but its instructions encourage using r.jina.ai to bypass Cloudflare/Turnstile and scrape arbitrary sites. Only use it on public content you are authorized to scrape, and never send private, internal, signed, or token-containing URLs through the external service.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could attempt to access or scrape sites in ways that violate site rules, legal restrictions, or anti-abuse protections.
The skill's core capability is explicitly framed as bypassing anti-bot and site-protection mechanisms, not merely retrieving ordinary public pages.
Bypass Cloudflare, Turnstile, and other protections
Use only for sites you are authorized to access and scrape. Do not use it to bypass CAPTCHA, Cloudflare, Turnstile, login walls, paywalls, or other protections without permission.
The agent may treat arbitrary user-provided or discovered URLs as scrape targets, including protected or sensitive pages.
The instruction is very broad and does not define safe target scope, authorization requirements, rate limits, or exclusions for private/protected pages.
Simply prepend `https://r.jina.ai/` to any URL
Require explicit user approval for each target domain or URL, limit use to public authorized content, and add guidance about robots.txt, terms of service, and privacy-sensitive URLs.
If a private, internal, signed, or token-bearing URL is used, the URL may be exposed to the external scraping provider.
The skill routes target URLs through a third-party service, so r.jina.ai can observe the requested URL and potentially associated query parameters.
`return requests.get(f"https://r.jina.ai/{url}").text`
Do not send URLs containing secrets, session tokens, private document links, intranet hosts, or sensitive query parameters through this service.
