Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
deep-scraper
v1.0.0
A Docker-based tool using Crawlee and Playwright to deeply scrape complex sites like YouTube, extracting verified raw transcripts or descriptions with ads re...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims a Dockerized Crawlee+Playwright scraper for sites like YouTube and the code (main_handler.js / youtube_handler.js) implements that behavior. However, the registry metadata at the top lists no required binaries while SKILL.md and package.json explicitly require Docker. SKILL.md also instructs building an image tagged skillboss-crawlee, but no Dockerfile is present in the file manifest — this mismatch is a strong coherence issue.
Instruction Scope
Runtime instructions explicitly require building and running a Docker image and mounting local skill assets, and they describe network interception of requests to capture YouTube timedtext APIs. The code performs network-level interception and fetches intercepted API URLs from the page. Those actions are consistent with the stated scraping purpose, but the instructions promise a Dockerfile to remain in the directory while the manifest does not include one. The SKILL.md also instructs copying the skill directory into a host skills/ folder and mounting assets — this grants the container read access to whatever is mounted and could expose unintended host data if users mount different paths.
Install Mechanism
There is no formal install spec. SKILL.md expects you to docker build a local Dockerfile, but the repository snapshot lacks a Dockerfile. Because no image source is provided, the user would have to create their own Dockerfile or run unknown build steps — a risky manual step. package.json lists dependencies (crawlee, playwright) but without a Dockerfile or explicit install instructions, it's unclear how the runtime environment will be created. This gap increases the chance a user will follow unsafe ad-hoc build/run steps.
Credentials
The skill declares no required environment variables or credentials, which is consistent with its scraping-only purpose. The code clears cookies and interacts with page context; that is expected. However, running arbitrary scraping containers can still expose sensitive host data if users mount inappropriate paths, and intercepted network traffic could include private tokens if the page is authenticated — the SKILL.md forbids scraping protected data but cannot enforce it.
Persistence & Privilege
The skill is not set always:true and does not request elevated platform privileges in the manifest. It appears to be user-invocable only, which is proportionate for a scraper tool.
What to consider before installing
Do not run this skill as-is. Key issues to resolve before installing:
(1) The SKILL.md requires you to build a Docker image but no Dockerfile is included — ask the publisher for the Dockerfile or a verified image source.
(2) The registry metadata omits Docker as a required binary even though the skill depends on it — confirm system requirements.
(3) Running the scraper requires building/running a container; avoid mounting sensitive host directories into the container and inspect any Dockerfile or image build steps for unexpected commands or external downloads.
(4) The code intercepts network traffic in-browser to fetch API endpoints — this is normal for this use-case but could capture tokens or private content if used against authenticated pages; only run against public pages you control or trust.
If the publisher cannot provide a Dockerfile or a trusted release image, treat the package as untrusted and do not run it on sensitive hosts.
Like a lobster shell, security has layers — review code before you run it.
