Url Reader
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill mostly matches its URL-reading purpose, but it should be reviewed carefully because it can persist a WeChat login session and use automated scraping through third-party services.
Before installing, decide whether you are comfortable with third-party scraping services receiving the URLs you provide, with a local WeChat session file being saved, and with files being written to the hard-coded output directory. Use an isolated environment, pin dependencies, and delete data/wechat_auth.json when no longer needed.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A saved WeChat session file could allow later automated access as the logged-in user if the skill or local files are misused.
The script saves browser storage state after WeChat login, which can include cookies/session data that grant account access.
storage = await context.storage_state(); ... json.dump(storage, f, ensure_ascii=False, indent=2)
Only run the login setup if needed, protect or delete data/wechat_auth.json after use, and avoid using valuable accounts unless the session handling is acceptable.
Using it on protected platforms could risk account lockouts, unexpected authenticated access, or violation of site controls.
The skill explicitly advertises anti-scraping bypass and persistent login-state browser automation, which expands ordinary URL reading into automated access around site controls.
- 自动绕过反爬机制 - 支持登录态保持 - 可处理任何网站
Require explicit user approval before using Playwright or saved login state, avoid bypassing verification flows, and clearly limit which sites/accounts may be accessed.
Private, tokenized, internal, or sensitive URLs may be disclosed to Firecrawl or Jina if entered.
The skill sends the user-provided URL to external reader/scraping services as part of its normal workflow.
策略1:Firecrawl API(首选) ... result = app.scrape(url, formats=["markdown"])
策略2:Jina Reader API(备选) ... https://r.jina.ai/{原始URL}Do not use this skill for sensitive or non-public URLs unless you are comfortable sharing them with those providers.
Install-time behavior depends on the current package/browser sources rather than locked reviewed versions.
The documented setup installs unpinned Python packages and a Playwright browser download, while the registry has no install spec.
pip install firecrawl-py requests pip install playwright playwright install chromium
Install in an isolated environment, pin dependency versions, and review package sources before use.
Generated files may be saved somewhere unexpected, especially on systems that are not the developer's machine.
The skill automatically creates directories, writes Markdown, and downloads images to a hard-coded local output path.
DEFAULT_OUTPUT_DIR = "/Users/ys/laoyang知识库/nickys/素材"
Change the output directory before use and confirm where downloaded content and images will be stored.