Webpage Export
Security checks across malware telemetry and agentic risk
Overview
This skill appears to match its webpage-export purpose, but it uses local fetch/browser tools and stores exported page content for later use.
Before installing, be comfortable with the skill fetching URLs, optionally rendering pages in Chrome/Chromium, and writing TXT/DOCX/PDF plus metadata files locally. Use explicit output folders, verify local dependencies from trusted sources, and treat saved webpage content as untrusted source material.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can retrieve and process web content from user-provided URLs into local files.
The script passes the supplied URL to local command-line tooling. This is expected for a webpage exporter, but users should recognize that the tool will fetch whatever URL is provided.
result = run(['curl', '-L', '--max-time', '30', '-A', UA, url])
Use it only with URLs you intend to fetch, and prefer explicit output folders for shared or production work.
Dynamic webpages may run their normal browser-side scripts during extraction or PDF rendering.
The artifacts clearly disclose that difficult pages may be rendered in a headless browser, which can execute page JavaScript. This is purpose-aligned for dynamic webpage extraction.
Browser-assisted fallback executes page JavaScript and should be used only when needed.
Use browser-assisted fallback only when needed, especially for unfamiliar or untrusted pages.
The skill may fail or behave differently depending on locally installed tools and packages.
The skill documents local runtime dependencies, while the registry requirements declare none. This is an under-declared setup requirement rather than evidence of malicious behavior.
Requires `python3`. Requires `curl` for baseline webpage fetching. PDF export requires Chrome or Chromium. Browser-assisted fallback requires `node` and the `playwright` package.
Confirm the required local tools are installed from trusted sources before using DOCX/PDF or browser-assisted modes.
Untrusted webpage content may be saved and later read by other agents or workflows.
The exported webpage text and metadata are intended for downstream reuse. Because webpage content is untrusted, later agents should not treat embedded webpage text as instructions.
Use this skill to turn a webpage URL into local files that downstream agents can archive, send, or reference.
Treat exported page content as source material only, and do not follow instructions that appear inside archived webpages unless the user explicitly asks.